Local logging is limited in size and will automatically make sure you don't fill the available space. You can increase local logging by adding a USB drive or memory stick to the SSG USB port. I have a configuration posted for this process in the Configuration Library forum.
http://forums.juniper.net/t5/Configuration-Library/ScreenOS-Configure-Logging-to-USB-Device/m-p/64641#M164
For example: in the policy From Untrus to Trust, I have created rules to allow incoming HTTP/SMTP etc. And then the last rule I have created, is set to block everything. But I don't see anything of the traffic that is beeing blocked, I only see the traffic that is allowed. I guess I should be seeing at least some incoming junk traffic, like port scan etc.
The policy log will only show traffic that MATCHES the policy in question. So when you create a PERMIT policy what will be logged is traffice permitted. In this case the denied traffic you are looking for is hitting none of your configured policies but the global implicit deny policy. That is why they do not show in your policy logs.
And for system related logs (like login attempts to the SSG from the outside, alerts and so on), I guess I need a syslog server, only having the latest entries on the SSG it self.
System logging is under "Reports--System Logs--Events" in the web UI. On the CLI use
get log event ?
and you will see all the options of what to look for there.
You don't require a syslog server for any of this. But the syslog server offers several advantages. The logs get saved for as long as you want them instead of till space runs out or a reboot occurs. And good syslog software allows nice reporting and search functions.