Problem Description:
The customer has configured the edge to send firewall logs to the VCO, but no firewall logs are appearing under Monitor >> Firewalls.
Upon further investigation, we found that the firewall logs in /var/log are empty.
Checks Performed:
Global Setting:
We confirmed that the global setting "Enable Firewall Logging to Orchestrator" is enabled.
In version 5.2.x, to log to the file, you must explicitly enable local firewall logging from the Remote Diagnostics page. Once enabled, a new edged_firewall.log file will be generated.
Enabled local firewall logging from Remote Diagnostics.
If the Edge is running a version earlier than 5.2, this feature is not expected to work: starting from 5.2, the Orchestrator provides hosted log storage to collect firewall and threat logs (allow and deny rules) from Edges. In its initial release in 5.2.0, by default the Orchestrator keeps either 15 GB of logs or seven days of logs (whichever comes first) per customer tenant, after which the logs will be overwritten. This service is included with a valid VMware SD-WAN license.