Distributed Firewall generates three types of logs:

Distributed Firewall logs includes all access decisions such as permitted or denied traffic for each rule if logging was enabled for that rule.

Audit logs include audit records for situations like admin login, configuration change, etc. Audit records provide granular details of all changes.

System event logs include firewall configuration changes.

See System Events and Audit Logs.