Table of contents
Fluency’s integration with Peplink devices has three portions.
- Firstly, as a SIEM, Fluency has the ability to accept Syslog export from Peplink devices.
- Secondly, utilizing Fluency’s expertise in network reconstruction, Fluency can ingest NetFlow (IPFIX) data.
- Lastly, Fluency can integrate with InControl and leverage the API to further collect data, or to perform additional actions.
The Syslog settings should be configured as follows. The log server could either be your Fluency server, or your local Fluency collector, whichever works better for your deployment. The default Syslog port is UDP 514.
Note: Syslog over TCP or with TLS is not supported as a sending option in Peplink
Session Logging is not required / needed if NetFlow data is also being sent \(See following section.\)
Add a log rule to your Firewall settings. The configuration procedure is slightly different, depending on if the equipment is managed locally or remotely via Peplink’s InControl.
The Firewall logging rule is critical. Without this setting, Fluency will not be able to fully reconstruct the network traffic seem by the Peplink device. \(Some data, such as URL filtering logs, or Peplink system logs will still be sent.\)
Depending on Peplink device model, or firmware version ( > 8.1), there may be a NetFlow option. According to Peplink documentation, manually edit the URL to get to the support page. The server again could either be your Fluency server, or local collector. The default NetFlow port is UDP 2055.
Note: NetFlow over UDP is not encrypted in transit
An API token from the InControl portal is used by Fluency to provide API integration.
To create an API token, log in to the InControl portal.
From the top right corner, select your username to navigate to the user setting edit page.
Scroll down to the bottom of this page, to create a new Client application.
Use the following settings when creating the application. The redirect URI could be http://www.peplink.com.
Once created, select the Application name to navigate back to the Application settings page. Make a note of the Client Info values (ID and Secret)
The token must be authorized prior to being used. Navigate to the following URL in a browser in a new tab/window:
Authorization Endpoint: https://api.ic.peplink.com/api/oauth2/auth?client_id=[CLIENT_ID]
Where the [CLIENT_ID] is the ID shown in the previous step.
Click Accept on the following page to Authorize the token for the InControl account.
Back on the previous user setting page in the InControl portal, ensure that the Application above is now authorized.
Please provide theses API credentials to Fluency Support. InControl API integration will be established from the back-end after receiving the credentials.