After configuring event log servers in the Active Directory, you need to turn on the Event Log Sources or Aria Operations for Logs.
When using event log scraping, ensure that NTP is correctly configured across all devices. See the topic Time Synchronization between NSX Manager, vIDM, and Related Components.
Note:
Event log scraping enables IDFW for physical devices. Event log scraping can be used for virtual machines, however guest introspection will take precedence over event log scraping. Guest Introspection is enabled through VMware Tools and if you are using the complete VMware Tools installation and IDFW, guest introspection will take precedence over event log scraping.
Aria Operations for Logs 8.6 and later is supported with the provider configurations:
- Palo Alto Global Protect
- Aruba ClearPass
Navigate to Aria Operations for Logs.
and toggle the button for Event Log Sources or