@SThatipelly, So the thing to keep in mind is that (in a normal configuration) the firewall will be analyzing the session looking for things like vulnerabilities or malicious files already. If it identifies anything, it'll generate the log for the identification and likely close the session at the same time depending on how you have things configured. In the event that you simply want to know that you have a long-running session being used to transfer files, logging at session start really wouldn't give you any additional information there through traffic logs. It's just going to log the start and end of the session. You really need to be monitoring the current sessions traffic to really can actionable information from that regard, which would generally be done via netflow monitoring or using SNMP/API to monitor the session table.
... View more