Hi guys,
One of our customers is facing an issue: they are unable to see recent traffic logs for a particular source and destination in the GUI. But we can see the live session on the CLI with the command "show session all filter source 192.168.x.X destination 172.17.X.X".
The session is working as expected, but we need to see the traffic logs in the GUI. I restarted the mgmt server but no luck. Is anyone facing this kind of issue? Please share your thoughts.
I have already tried the clear session command. Now the traffic flow is working as expected; the problem is that I am not able to see the traffic logs in the GUI. Yesterday the logs were visible for those 2 IPs.
It's just showing 25-11-2020 logs; live logs are not visible.
Are those sessions for those 2 IPs still active?
Yes, active.
Are those 2 IPs located in the same zone?
Yes, same zone. Initially it was hitting the interzone rule; after I cleared the session it is hitting the correct rule. Even so, the traffic logs are not visible in the GUI.
Is there a need to restart any process? If yes, please share the CLI command to restart the process.
Are those sessions for those 2 IPs still active? Are those 2 IPs located in the same zone (as they could be hitting the intrazone policy)? Try "clear session all filter source 192.x.x.x destination 172.x.x.x" and see if there's a log entry then.
Fresh sessions all the time. Logging is enabled on the rule. All other source IPs' traffic can be viewed in the GUI; only two source IPs are not visible in the traffic log. Those two IPs' logs were received yesterday. The logs are hitting the correct rule.
Are the sessions 'long lived', or are there fresh sessions all the time?
Sessions typically only write a log when they are closed, so that might be an issue.
Also try to determine which rule they hit (with the very first packet, and consecutive rules while App-ID is being determined) and make sure logging is enabled on all of them: a packet will first be checked against the security rules by its source IP/zone, destination IP/zone, destination port, and protocol (so not the App-ID yet), so it could be that the SYN packet is hitting a different rule than the one the session ends up on. If that first rule does not have logging, that could cause logs to not be written.
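To make the two points in that reply concrete (logs are normally written at session end, and the first packet is matched before App-ID has a verdict), here is an added example that is not from the thread and not Palo Alto Networks code. It is a toy model of the two-stage policy lookup: the SYN is matched on zones, addresses, port and protocol only, then the session is re-matched once the application is known, and every rule in that chain is audited for logging. The zone table, the rules, the predefined intrazone-default/interzone-default entries with logging off, and the "an end-of-session entry needs logging on every rule the session touched" semantics are constructed assumptions that mirror the reply's hypothesis, not a statement of how the firewall's log pipeline is implemented.

```python
"""Trace which security rules a session traverses before and after App-ID.

Added example, not from the original thread or from Palo Alto Networks.
Zone table, rules, default-rule behaviour and logging semantics are
constructed assumptions used to illustrate the reply above.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Union

ANY = "any"

# Constructed zone table: the most specific prefix wins, as an interface/zone lookup would.
ZONES = {
    "trust": ["192.168.0.0/16", "172.17.0.0/16"],
    "untrust": ["0.0.0.0/0"],
}


def zone_of(ip: str) -> str:
    """Return the zone whose longest matching prefix contains ip."""
    best = None
    for zone, nets in ZONES.items():
        for net in nets:
            n = ip_network(net)
            if ip_address(ip) in n and (best is None or n.prefixlen > best[0]):
                best = (n.prefixlen, zone)
    return best[1]


@dataclass
class Rule:
    name: str
    src_zone: str = ANY
    dst_zone: str = ANY
    src_net: str = ANY
    dst_net: str = ANY
    dst_port: Union[int, str] = ANY
    proto: str = ANY
    app: str = ANY           # only app="any" can match before App-ID has a verdict
    action: str = "allow"
    log_start: bool = False  # "log at session start"
    log_end: bool = True     # "log at session end"

    def matches(self, pkt: dict, app: Optional[str]) -> bool:
        """Match on zones/addresses/port/protocol; the app field only matches once known."""
        def net_ok(net: str, ip: str) -> bool:
            return net == ANY or ip_address(ip) in ip_network(net)
        return (
            self.src_zone in (ANY, pkt["src_zone"])
            and self.dst_zone in (ANY, pkt["dst_zone"])
            and net_ok(self.src_net, pkt["src_ip"])
            and net_ok(self.dst_net, pkt["dst_ip"])
            and self.dst_port in (ANY, pkt["dst_port"])
            and self.proto in (ANY, pkt["proto"])
            and (self.app == ANY or (app is not None and self.app == app))
        )


# Assumed predefined rules: intrazone traffic allowed, interzone denied, neither logging.
INTRAZONE_DEFAULT = Rule("intrazone-default", action="allow", log_end=False)
INTERZONE_DEFAULT = Rule("interzone-default", action="deny", log_end=False)


def lookup(policy: list, pkt: dict, app: Optional[str]) -> Rule:
    """First matching rule in order, else the predefined default for the zone pair."""
    for rule in policy:
        if rule.matches(pkt, app):
            return rule
    return INTRAZONE_DEFAULT if pkt["src_zone"] == pkt["dst_zone"] else INTERZONE_DEFAULT


def make_packet(src_ip: str, dst_ip: str, dst_port: int, proto: str = "tcp") -> dict:
    return {"src_ip": src_ip, "dst_ip": dst_ip, "dst_port": dst_port, "proto": proto,
            "src_zone": zone_of(src_ip), "dst_zone": zone_of(dst_ip)}


def rule_chain(policy: list, pkt: dict, final_app: str) -> list:
    """Rules hit by the SYN (App-ID unknown) and after App-ID identifies the application."""
    first = lookup(policy, pkt, None)
    final = lookup(policy, pkt, final_app)
    return [first] if first is final else [first, final]


def trace_session(policy: list, pkt: dict, final_app: str) -> dict:
    """Name the rules traversed and flag any of them that would write no log at all."""
    chain = rule_chain(policy, pkt, final_app)
    missing = [r.name for r in chain if not (r.log_start or r.log_end)]
    return {"chain": [r.name for r in chain], "rules_without_logging": missing}


def log_visible(policy: list, pkt: dict, final_app: str, session_closed: bool) -> bool:
    """Assumed semantics from the reply: while the session is open only a log-at-start rule
    yields an entry; at close, an entry needs log-at-end on every rule the session hit."""
    chain = rule_chain(policy, pkt, final_app)
    if chain[0].log_start:
        return True
    return session_closed and all(r.log_end for r in chain)


# Constructed policy: the only rule for this flow is app-specific, so the SYN falls
# through to intrazone-default, which does not log.
POLICY = [Rule("allow-web", src_zone="trust", dst_zone="trust", dst_port=443, proto="tcp", app="ssl")]
# Same policy with an intrazone catch-all (app=any, logging on) so the SYN also hits a logged rule.
FIXED_POLICY = POLICY + [Rule("intrazone-catchall", src_zone="trust", dst_zone="trust", log_end=True)]

if __name__ == "__main__":
    pkt = make_packet("192.168.10.5", "172.17.20.9", 443)   # constructed sample flow
    for label, pol in (("original", POLICY), ("fixed", FIXED_POLICY)):
        print(label, trace_session(pol, pkt, "ssl"),
              "log at close:", log_visible(pol, pkt, "ssl", session_closed=True))
```

Running it shows the original policy's chain as intrazone-default followed by allow-web, with intrazone-default flagged as having no logging and no entry expected even at close, while the fixed policy's chain is fully logged and an entry appears once the session closes (and not before, since nothing in it logs at session start). The same trace function reports interzone-default alone for a flow to an address outside the trust zone.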