For traffic destined to the SRX you have to create the policy using the junos-host zone.
Log the policy on session initiation
Be aware that deny logging can generate a LOT of logs on interfaces facing the internet. So local logging will roll over frequently or will consume a lot of space in your syslog.