Cyber Elite

Hello @SunilduttJ

 

1. All the configuration logs can be found under: Monitor > Logs > Configuration. You can send all the configuration logs to a syslog server from: Device > Log Settings > Configuration > Add, then select the syslog server from the drop-down list. If you are interested only in sending security policy creation logs, then you can use this filter: ( full-path contains '/rulebase/security/' ). Unless the name of the policy includes some indication that it is an "any" policy, I do not think there is another way to selectively forward only logs related to an "any/any" policy.

 

 

2. For the second point, these logs are in the configuration logs as well. You can set up the same forwarding. You can narrow it down to only logs related to adding a new account by using this filter: ( full-path contains '/users/entry' ) and ( cmd eq set ).

 

3. Some of the authentication logs are located under: Monitor > Logs > Authentication and some under System. You can forward these logs to a syslog server. If you are searching only for logs related to an admin adding an authentication method, then this will be recorded in the configuration logs. Would it be possible to elaborate more on what information you would like to capture from SAML logs?

 

Kind Regards

Pavel

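A dry run of the two filters from the reply above, as an added example that is not part of the original post and not vendor code: it evaluates the filter strings against constructed configuration-log records on the syslog receiver side. The record layout (a dict keyed by `full-path` and `cmd`), the label names and the sample paths are assumptions.

```python
import re

# Filters copied from the reply above; the label names are hypothetical.
FILTERS = {
    "security-policy": "( full-path contains '/rulebase/security/' )",
    "new-account": "( full-path contains '/users/entry' ) and ( cmd eq set )",
}
# One term: ( field op value ), where the value may be single-quoted or bare.
TERM = re.compile(r"\(\s*([\w-]+)\s+(contains|eq)\s+(?:'([^']*)'|(\S+?))\s*\)")


def compile_filter(expr):
    """Build a predicate from an 'and'-joined filter (contains/eq only)."""
    terms = []
    for part in re.split(r"\s+and\s+(?=\()", expr.strip()):
        m = TERM.fullmatch(part)
        if m is None:
            raise ValueError(f"unsupported filter term: {part!r}")
        field, op, quoted, bare = m.groups()
        terms.append((field, op, quoted if quoted is not None else bare))

    def matches(record):
        for field, op, want in terms:
            have = record.get(field, "")
            if (op == "contains" and want not in have) or (op == "eq" and have != want):
                return False
        return True
    return matches


COMPILED = {label: compile_filter(expr) for label, expr in FILTERS.items()}


def classify(record):
    """Return the labels of every filter the record satisfies."""
    return sorted(label for label, pred in COMPILED.items() if pred(record))


# Constructed sample records, not real firewall output. Assumption: the
# receiver has already parsed each configuration log into these two fields.
VSYS = "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']"
USER = "/config/mgt-config/users/entry[@name='svc-backup']"
SAMPLES = [
    {"cmd": "set", "full-path": VSYS + "/rulebase/security/rules/entry[@name='tmp']"},
    {"cmd": "set", "full-path": USER},
    {"cmd": "delete", "full-path": USER},
    {"cmd": "edit", "full-path": VSYS + "/rulebase/nat/rules/entry[@name='out']"},
]
RESULTS = [classify(rec) for rec in SAMPLES]
```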