In a fresh install, common audit log publishers (access and HTTP access) are pre-defined and disabled. It is sufficient to enable the log publishers to have them working.
In an upgrade, no common audit log publisher are defined. So to have them, it is necessary to create them.
There should be a common way to set them up for fresh installs and for upgrades, either by only enabling pre-defined ones in the config or by creating them.