After configuring event log servers in Active Directory, you need to turn on Event Log Sources or VMware vRealize Log Insight.

When using event log scraping, ensure that NTP is correctly configured across all devices. See Time Synchronization between NSX Manager, vIDM, and Related Components.

Note:

Event log scraping enables IDFW for physical devices. Event log scraping can also be used for virtual machines; however, guest introspection will take precedence over event log scraping. Guest Introspection is enabled through VMware Tools, and if you are using the complete VMware Tools installation and IDFW, guest introspection will take precedence over event log scraping.

VMware vRealize Log Insight 8.6 and later is supported with the following provider configurations:
  • Palo Alto Global Protect
  • Aruba ClearPass
For more information about configuring VMware vRealize Log Insight, see Integrate vRealize Log Insight with NSX Identity Firewall.

Navigate to Security > General Settings > Identity Firewall Event Log Sources and toggle the button for Event Log Sources or vRealize Log Insight.