Symptoms:
VMware Aria Operations for Logs 8.x
This issue occurs because Aria Operations for Logs' cluster virtual IP uses a Linux Virtual Server in Direct Server Return Mode (LVS-DR) for load balancing which is not supported by NSX.
This is an expected behavior for Aria Operations for Logs while using NSX networking.
To work around this issue, exclude the virtual machines that are part of the Aria Operations for Logs cluster from VMware NSX Distributed Firewall Protection.
After adding the nodes to the exclusion list, it is necessary to perform a reboot of all nodes in the Aria Operations for Logs cluster.
Note: A service restart will not suffice here, a reboot is required.