The ProxySG was set up to sign and encrypt access logs and the upload schedule was configured to continuously upload the access logs.
With this setup the ProxySG will generate three files on the ftp server where the access logs are being uploaded
.sig files and
The .enc files are the actual encrypted access logs and will grow over time until the appropriate rotation trigger event occurs, either the upload scheduled time is reached or the file size has reached the maximum set by the administrator. The .der and .sig files are not created until the ProxySG has finished writing to the .enc file.
With this configuration there is window of opportunity for the creation of orphaned .enc files if the connection to the ftp server is lost at any time. This will also depend to some extent on the operating system running the ftp server and the ftp server itself, some OSs will delete the .enc files if the connection is dropped others may leave the .enc file thus creating an orphaned .enc file as it is missing the corresponding sig and .der files. When connection to the ftp server is re-established the ProxySG will open a new .enc file and start writing to it. the contents in the orphaned enc file are not usable and so data is lost.
This is working as designed.
If you have continuous update configured there will always exist the risk that a loss in communications, for whatever reason, will lead to this situation. The only way to avoid this is to change the configuration from "Uploading the access logs continuously" to "Uploading the access logs periodically" in the "Access logging" configuration.