Hi,
Thanks very much for your reply.
As my understanding, it will generate a log when the TCP session is established. ( Yellow hightlighter)
And if the connection keeps open and keeps forwarding log packets then it won't generate more logs.
Until the server or client initiate "CLOSING THE CONNECTION" , or some Time-Out triggered closing the session.
Next time when a new SYN -> SYN+ACK -> ACK established a new connection with a new source port , it will generate a new log.
Is it right ? I think that would explain the intermittent logs perfectly.
Thanks again