I was studying logs for a VOIP connection and I came across a few logs where Action is blank in the log table. I also noticed the direction arrow on the interface is reversed and the rule no. is also missing for these.
Attaching a screenshot below. I would like to understand what these are for, and do they suggest an issue?
When you open up the log card on those logs, what does it say?
There is no message like allowed or denied. It just states source, destination and traffic from src to dst over 5061.
I was wondering if it somehow signifies return traffic, looking at the direction on the bond interface. For all these absent action entries the direction is reversed on the bond interface.
I'm assuming this is related to an existing SIP session and you're logging individual connections versus consolidating into sessions.
In which case the "Accept" rule is implied since it's being permitted via the state table and not an explicit rule.
Hey PB, I have recently noticed these types of log entries as well and was also curious why I don't understand. I *thought* I understood that a packet arriving at the gateway for an established connection already in the state table was not logged. But if the packet is a SYN request for a new connection it would be logged? And if there were already an entry in the state table for this connection that would indicate improper teardown on the prior connection? Is something strange going on here like a packet without a proper sequence number? But wouldn't that be dropped? A SYN packet that somehow randomly matches the sequence number of another connection in the state table?
I attached what I think you were asking for RE "Log Card" on an example.
Also I have to admit I'm not sure I have any experience with "logging individual connections versus consolidating into sessions". Can you provide me an SK number or something?
Thanks for all of your good work --
Can you please expose the timestamps in your first screenshot showing multiple logs? It looks like the two "blank" connections are associated with the "Accept" that follows but matching on different service objects. Almost like it has something to do with "Match for Any" or even Smart Connection reuse. Also on the rule that is creating the log entry with the "Accept", please right click and click More in that rule's Track column to expose the hidden Log Generation options that are set. Looks like you only have "per Connection" set but I want to make sure. I'll be talking about these hidden Log Generation options in my upcoming speech at CPX.
I have seen these types of logs many times, even with TAC on the phone when troubleshooting, but it would be nice to know what they actually mean. I can't really follow any logic as far as times/occasions when they show up. Seen them for HTTPS inspection, VoIP, VPN...
Was there any news or explanation for this? I am also seeing the same in my logs, without any matching rule or any accept log entries before these "connection" log entries. Wondering where these are coming from and how they can occur without having SYN packets received at all (no SYN packets for session establishing in the last 7 days at all). Noticing this for tcp/631 ports instead of SIP.