URL filtering logs are only generated when an action results from
a URL category match. If you have Security policy rules with applications as
match criteria, a URL can be blocked due to an application (App-ID) rather
than a URL category match. This behavior depends on how packets in the
session are parsed.
For example, suppose you have a Security policy rule that blocks the
social-networking category and another rule that blocks a specific social
media application. Traffic to the social media website could result in a
Security policy lookup that hits an App-ID rule instead of a URL filtering
rule. In this case, a URL filtering log isn't generated.