Please check the service list of the node management interface if it is allowed for "management-log-forwarding".

network interface show -vserver <cluster> -lif <node_managemnt_lif> -inst

Vserver Name: cluster_name
Logical Interface Name: <node(a/b)_management_lif>
Service Policy: default-management
Service List: management-core,
management-autosupport,
management-ssh, management-https,
management-ems,
management-ntp-client,
management-dns-client,
management-ad-client,
management-ldap-client,
management-nis-client,
management-http,
backup-ndmp-control,
management-snmp-server,
management-ntp-server,
management-log-forwarding

If it is not there (allowed services), you can add it.