Hello Pavan.
1) The logging on SRX platforms:
There are two types of logging:
- control plane (RE) - what goes to CPU (routing protocols, interfaces, chassis) - handled by eventd process
  - configured under [edit system syslog]
- data plane (PFE) - what is processed by hardware data plane (e.g. security sessions)
  - this can be handled in eventd mode (goes to RE) or stream mode (text or binary format)
  - configured under [edit security log]
The behavior is different between branch and non-branch devices. Behavior can change with Junos versions.
Please see more information at the links below:
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-system-log-message-overview.html
Event mode logging (not intended for non-branch models)
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-system-send-all-log-message-eventd-setting.html
Stream mode logging
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-system-stream-security-log-revenue-port-setting.html
Does your SRX have anything configured under the [edit security log] stanza?
2) Security policy settings
Does the policy matching the RDP traffic have the log option enabled (then log session-init / then log session-close)? See the example below:
[edit]
SRX # show security policies from-zone trust to-zone untrust | display set
set security policies from-zone trust to-zone untrust policy RDP-POLICY match source-address RDP-CLIENTS
set security policies from-zone trust to-zone untrust policy RDP-POLICY match destination-address RDP-SERVERS
set security policies from-zone trust to-zone untrust policy RDP-POLICY match application RDP-APP
set security policies from-zone trust to-zone untrust policy RDP-POLICY then permit
set security policies from-zone trust to-zone untrust policy RDP-POLICY then log session-init
set security policies from-zone trust to-zone untrust policy RDP-POLICY then log session-close
You won't be able to see any logs for sessions where the "then log" action is missing. Note: for a production device I would recommend using session-close logging for permit policies and session-init for deny policies (if logging of denied traffic is required).
Let us know your logging and security policy configuration (anonymize it).
Knowing the Junos version could help to assist further.
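
An added example, not part of the original reply: a Python check that reads `display set` output and lists policies with no `then log` action, plus policies whose logging differs from the session-close-for-permit / session-init-for-deny suggestion above. The sample configuration is constructed; WEB-OUT and DROP-ALL are hypothetical policy names, and treating `reject` like `deny` is an assumption.

```python
import re
from collections import defaultdict

# Matches the "then ..." lines of zone-to-zone policies in "display set" form.
POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) then (.+)$"
)

# Constructed sample input; only RDP-POLICY comes from the reply above.
SAMPLE = """\
set security policies from-zone trust to-zone untrust policy RDP-POLICY match application RDP-APP
set security policies from-zone trust to-zone untrust policy RDP-POLICY then permit
set security policies from-zone trust to-zone untrust policy RDP-POLICY then log session-init
set security policies from-zone trust to-zone untrust policy RDP-POLICY then log session-close
set security policies from-zone trust to-zone untrust policy WEB-OUT then permit
set security policies from-zone untrust to-zone trust policy DROP-ALL then deny
set security policies from-zone untrust to-zone trust policy DROP-ALL then log session-close
"""

def audit_policy_logging(config_text):
    """Return {(from_zone, to_zone, policy): finding} for policies to review."""
    actions = {}              # policy key -> permit / deny / reject
    logs = defaultdict(set)   # policy key -> configured log options
    for line in config_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        key, then = m.group(1, 2, 3), m.group(4).split()
        if then[0] == "log" and len(then) > 1:
            logs[key].add(then[1])
        elif then[0] in ("permit", "deny", "reject"):  # reject handled like deny (assumption)
            actions[key] = then[0]
    findings = {}
    for key, action in actions.items():
        wanted = "session-close" if action == "permit" else "session-init"
        if not logs[key]:
            findings[key] = "no 'then log' configured: sessions will not be logged"
        elif wanted not in logs[key]:
            findings[key] = f"{action} policy logs {sorted(logs[key])}, reply suggests {wanted}"
    return findings

if __name__ == "__main__":
    for (src, dst, name), msg in audit_policy_logging(SAMPLE).items():
        print(f"{src} -> {dst} {name}: {msg}")
```

Paste the anonymized output of `show security policies | display set` in place of `SAMPLE` to run it against a real configuration.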