I'm running VPN-1 UTM and this tricked worked fine.
Looking at the registry, there are several keys under HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\
which look to pertain to whichever version you have installed.
Under the top level key HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\ is a "CurrentVersion" String.
Mine is "6.0" so I navigated to HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\6.0 and created the "FWLOGDIR"
string there, restarted the firewall and my logs appeared in the new location specified under "FWLOGDIR".
Below is a note from the old Phoneboy FAQ detailing this tip for earlier versions.
FireWall-1 Versions 3.0b-4.0 support modifying (or adding) the following
registry entry (It is of type String):
Specify the full path name to the log directory here.
In 4.1, create the following registry entry:
Note: this directory must exist. You will need to restart the FireWall-1
service for this to take effect.
On Unix machines, you can symbolically link the $FWDIR/log directory to
another drive. For example:
mv $FWDIR/log $FWDIR/log.old
ln -s /path/to/new/logdir $FWDIR/log