Unable to see NSX-Edge Gateway Firewall Logs in Aria Operations for Logs

Article ID: 420902

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Logs for firewall rules applied to the NSX-Edge Gateway Firewall (T1) are not visible, even though the DFW logs can be seen in both Aria Operations for Logs and Cloud Director (vCD).

Environment

Aria Operations for Logs 8.18.x

Cause

An incorrect combination of options is set in NSX when configuring the Syslog Servers on the Node profiles tab of Configuration > Profiles.

Resolution

  • The NSX integration can be used with UDP on port 514 for Syslog.
  • The LI protocol on port 9000 can also be used, but only if SSL is disabled.
    1. Log in to the Aria Operations for Logs UI.
    2. Navigate to Configuration > SSL
    3. Ensure that API Server SSL is disabled.

Additional Information

For port 514, the protocol should be TCP or UDP.
For port 9000, the protocol must be LI (Aria Operations for Logs). To use this option, make sure that the Operations for Logs server does not require SSL, as described in Enforce SSL-Only Connections.

For more information, see the Ports and Protocols page and Diagnose Log Ingestion.