At a higher level, you can also see what Rule and Role hits are being hit from the WebUI. It won't give you granular details, but can help to see what protocol...in what policy....in what role is being denied.
Monitoring --> Firewall Hits (under Controller on left)