NSX-T Identity Firewall Event Log Scraping - Large Environments
Is it possible to configure Identity Firewall Event Log Scraping to servers that hold subscribed events? Or do event log servers in the id firewall configuration *have* to be domain controllers, because there's no way of telling NSX to look in an event log other than the security log?
We have a pretty large environment - NSX-T 3.2.2, multiple domains, many sites, many domain controllers. Since domain controllers only hold events for logon attempts against that particular domain controller, we'd end up having to configure a lot of event log servers in NSX.
With other user ID solutions we've been able to configure event log forwarding on a box, which acts as an aggregation point for these types of events, and we point the solution at that. Is it wishful thinking I can get NSX-T to do that?