First off, have you got "set security log mode stream" in your configuration?
Event and stream behave differently (event mode, which from memory is the default on branch devices, sends the logging information to the control plane, while stream just sends it from the forwarding plane).
SRX can send policy logs either in "event" mode or in "stream" mode, but it cannot be set up to use both at the same time. Whenever you flip from event to stream, everything configured for policy logging under "system syslog" is ignored.
Below is a KB article that explains the opposite behavior to the one you are having right now. In that case, the matching of policy logs using regex "RT_FLOW" only happens in the Routing Engine, but the configuration is being ignored if the device is set up in "stream".
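The interaction described in this thread can be checked offline against an exported configuration. The following is an added example, not part of the original posts or the KB article: a small Python audit that flags "system syslog" RT_FLOW match statements that stop taking effect once the device is in stream mode. The sample configuration, addresses, file name and finding labels are constructed for illustration.

```python
import re

# Constructed sample in Junos "set" format (not taken from the thread).
SAMPLE_CONFIG = """\
set security log mode stream
set security log source-address 192.0.2.1
set system syslog host 192.0.2.50 any any
set system syslog host 192.0.2.50 match RT_FLOW
set system syslog file traffic-log any any
set system syslog file traffic-log match "RT_FLOW_SESSION"
"""

MODE_RE = re.compile(r"set security log mode (stream|event)")
STREAM_HOST_RE = re.compile(r"set security log stream \S+ host \S+")
RT_FLOW_RE = re.compile(r'\bmatch\s+"?[^"]*RT_FLOW')


def audit(config_text):
    """Return (mode, findings) for a configuration given as 'set' commands.

    mode is 'stream', 'event', or None when not set explicitly, in which
    case the platform default applies and nothing is flagged.
    """
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    mode = None
    for line in lines:
        m = MODE_RE.fullmatch(line)
        if m:
            mode = m.group(1)  # a later statement overrides an earlier one

    findings = []
    if mode == "stream":
        # Policy-log matching under "system syslog" runs on the Routing
        # Engine, so these statements no longer see traffic logs.
        for line in lines:
            if line.startswith("set system syslog ") and RT_FLOW_RE.search(line):
                findings.append(("ignored-in-stream", line))
        # Stream mode sends logs from the forwarding plane to a configured
        # stream host; with none defined the policy logs go nowhere.
        if not any(STREAM_HOST_RE.match(l) for l in lines):
            findings.append(("no-stream-destination", "set security log mode stream"))
    return mode, findings


if __name__ == "__main__":
    mode, findings = audit(SAMPLE_CONFIG)
    print("log mode:", mode)
    for kind, line in findings:
        print(f"{kind}: {line}")
```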