Hiegawd,
I was doing some testing on this and below are my findings.
1. RT_FLOW_SESSION_DENY is generated with "session-init" and not with "session-close". This makes sense the traffic was dropped while it was initiating. You need to modify the policy logging to include session-init
2. In your setup, we need policy to junos-host for this logs. Otherwise the traffic will hit self-traffic policy and wont hit the global policy.
Feel free to correct me if I have misunderstood any points here.