Google cloud VPC Firewall rule does not show any rejected logs

I have Google VPC firewall rule to allow ssh(default tcp:22) access to a compute instance VM, this firewall rule has the highest priority in the VPC. The firewall rule has logging turned on.

When looking in the Google Stackdriver Logging console i can see entries for ALLOWED connection. When i try to ssh to this host from a host that is not allowed to access it fails as expected but no log entry is showing in the Logging console.

I am assuming REJECTED entries should also be logged. What could be the reason for this?