jhussain_FTNT
Article Id 251449
Description: Technical Tip: Duplicate session logs are seen in the forward traffic logs for long-lived session packets.
Scope  
Solution

When a large file is uploaded to the Internet, it is possible to see multiple forward traffic logs with the same session ID for the long-lived session. Taken together, these logs show a data size value higher than the size of the data actually uploaded.

 

date=2023-03-22 time=23:10:17 eventtime=1679526617517710933 tz="+0000" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="xxx" srcip=xx.xx.xx.xx srcport=61159 srcintf="xxxx-xxx" srcintfrole="lan" dstip=xx.xx.xx.xx dstport=1521 dstintf="xxxx" dstintfrole="lan" srccountry="Reserved" dstcountry="Reserved" sessionid=3215210065 proto=6 action="close" policyid=171 policytype="policy" poluuid="xxxx" policyname="xxxxxx" service="xxxx" trandisp="noop" duration=49803 sentbyte=99274538 rcvdbyte=77504841 sentpkt=220550 rcvdpkt=157965 appcat="unscanned" sentdelta=273 rcvddelta=10401 mastersrcmac="2c:dd:e9:2b:a9:97" srcmac="2c:dd:e9:2b:a9:97" srcserver=0 masterdstmac="2c:dd:e9:2b:a9:97" dstmac="2c:dd:e9:2b:a9:97" dstserver=0

 

date=2023-03-22 time=23:10:15 eventtime=1679526615421020379 tz="+0000" logid="0000000020" type="traffic" subtype="forward" level="notice" vd="xxx" srcip=xx.xx.xx.xx srcport=61159 srcintf="xxxx" srcintfrole="lan" dstip=xx.xx.xx.xx dstport=1521 dstintf="xxxx" dstintfrole="lan" srccountry="Reserved" dstcountry="Reserved" sessionid=3215210065 proto=6 action="accept" policyid=171 policytype="policy" poluuid="xxxx" policyname="xxxxxx" service="xxxx" trandisp="noop" duration=49801 sentbyte=99274265 rcvdbyte=77494440 sentpkt=220545 rcvdpkt=157942 appcat="unscanned" sentdelta=30542 rcvddelta=22168 mastersrcmac="2c:dd:e9:2b:a9:97" srcmac="2c:dd:e9:2b:a9:97" srcserver=0 masterdstmac="2c:dd:e9:2b:a9:97" dstmac="2c:dd:e9:2b:a9:97" dstserver=0

 

Forward logs with logid 0000000020 are duplicate logs generated for long-lived session packets and can be ignored.
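For log pipelines that sum bytes per session, the following added example (not Fortinet code) shows the inflation and one way to avoid it. It keeps a single record per sessionid and prefers any record whose logid is not 0000000020. The function names are hypothetical, and the sample input is an abridged copy of the two log lines above.

```python
import re

# Abridged copies of the two log lines shown above (most fields dropped).
SAMPLE_LOGS = [
    'date=2023-03-22 time=23:10:17 eventtime=1679526617517710933 logid="0000000013" '
    'type="traffic" subtype="forward" sessionid=3215210065 action="close" '
    'duration=49803 sentbyte=99274538 rcvdbyte=77504841 sentdelta=273 rcvddelta=10401',
    'date=2023-03-22 time=23:10:15 eventtime=1679526615421020379 logid="0000000020" '
    'type="traffic" subtype="forward" sessionid=3215210065 action="accept" '
    'duration=49801 sentbyte=99274265 rcvdbyte=77494440 sentdelta=30542 rcvddelta=22168',
]

INTERIM_LOGID = "0000000020"  # the logid the article says can be ignored
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split a key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def naive_totals(lines):
    """Sum sentbyte/rcvdbyte over every record (inflated by the duplicates)."""
    recs = [parse_line(line) for line in lines]
    return (sum(int(r["sentbyte"]) for r in recs),
            sum(int(r["rcvdbyte"]) for r in recs))


def session_totals(lines):
    """Return {sessionid: (sentbyte, rcvdbyte)} with one record per session.

    A non-0000000020 record wins; if a session has only 0000000020 records
    (still open), the newest one by eventtime is used as the running total.
    """
    best = {}
    for rec in map(parse_line, lines):
        if rec.get("type") != "traffic" or rec.get("subtype") != "forward":
            continue
        rank = (rec["logid"] != INTERIM_LOGID, int(rec["eventtime"]))
        sid = rec["sessionid"]
        if sid not in best or rank > best[sid][0]:
            best[sid] = (rank, (int(rec["sentbyte"]), int(rec["rcvdbyte"])))
    return {sid: totals for sid, (rank, totals) in best.items()}


if __name__ == "__main__":
    print("naive sum:", naive_totals(SAMPLE_LOGS))
    print("per session:", session_totals(SAMPLE_LOGS))
```

In the sample, the 0000000020 record's sentbyte plus the close record's sentdelta equals the close record's sentbyte, so the byte counters are cumulative and adding both records counts the same traffic twice.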