Skip to content
ShieldLensProan Elevian.io product

> documentation

Everything you need. In plain English.

Most installs are done in 60 seconds. The pages below cover the other 1% of cases — vendor-specific syslog configuration for all 18 supported firewalls, REST API usage, and compliance reports.

Already a customer?

ShieldLens runs on your server — there is no central login. Open your install at http://your-shieldlens:8080 and sign in with the credentials you set during install.

> installation

Install in 60 seconds

  • Windows: download shieldlens-2.4.exe and double-click
  • Linux: pip install shieldlens-pro && shieldlens start
  • Docker: docker run -p 8080:8080 -p 1514:1514/udp elevian/shieldlens
  • Air-gap install: download offline bundle from your portal

> vendor_configuration

Syslog configuration · all 18 vendors

Copy-paste commands to point your firewall's syslog at ShieldLens. Replace <ip> with your ShieldLens server address. Default port 514 (or 1514 when running rootless).

vendor_cli_reference18 vendors · syslog default
Fortinet FortiGate
FortiGate-200F
key=value · CEF
config log syslogd setting / set status enable / set server <ip> / set port 514 / end
Palo Alto Networks
PA-440
CSV · CEF · LEEF
set shared log-settings syslog <profile> server <name> server <ip> transport UDP port 514 format BSD
Sophos XG / XGS
XGS 3100
key=value
set log syslog-server add name <name> host <ip> port 514 facility DAEMON
Cisco Firepower / FTD
FPR-2110
Cisco · key=value
Configured via FMC → Devices → Platform Settings → Syslog
Juniper SRX
SRX340
BSD · RFC 5424 structured
set security log mode stream / set security log stream <name> format syslog host <ip>
Check Point
Quantum 6200
Syslog · CEF · LEEF · JSON
cp_log_export add name <name> target-server <ip> target-port 514 protocol udp format cef
SonicWall
TZ670
Enhanced k=v · CEF
Device → Log → Syslog → Add server <ip>:514, enable Enhanced Syslog
Huawei USG
USG6610E
Custom key=value
info-center loghost <ip> port 514 facility local7 / info-center enable
Barracuda CloudGen
F800
BSD syslog
Box → Infrastructure Services → Syslog Streaming → Add destination <ip>:1514
Cisco ASA
ASA 5520
Cisco proprietary
logging enable / logging host inside <ip> / logging trap informational
WatchGuard Firebox
Firebox M390
Custom · LEEF
System → Logging → Syslog Server → Add <ip>:514
F5 BIG-IP
BIG-IP i4800
BSD · HSL k=v · CEF
tmsh modify sys syslog remote-servers add { soc { host <ip> remote-port 514 } }
Zyxel USG / ATP
USG FLEX 500
VRPT · CEF
Configuration → Log & Report → Log Settings → Remote Server <ip>
MikroTik RouterOS
CCR2004
BSD · CEF (7.18+)
/system logging action add name=soc target=remote remote=<ip> remote-port=514
Cisco Meraki MX
MX85
Custom space-delim
Dashboard → Network-wide → General → Reporting → Syslog servers → Add <ip>:514
pfSense
pfSense+ on Netgate 6100
filterlog CSV · BSD
Status → System Logs → Settings → Remote Logging → <ip>:514
OPNsense
OPNsense 24.x
filterlog CSV · BSD
System → Settings → Logging/Targets → + → Remote <ip>:514
Ubiquiti EdgeRouter / UniFi
UniFi UDM-Pro
BSD · CEF (UniFi 9+)
set system syslog host <ip> facility all level info / commit

> compliance

9 compliance frameworks · audit-ready PDFs

  • PCI-DSS 4.0 — Req 1, 10, 11 evidence
  • ISO 27001:2022 — Annex A.13 controls
  • SOC 2 — CC6.6, CC7.2 monitoring artifacts
  • HIPAA — §164.312(b) audit controls
  • GDPR Art. 32 — security of processing
  • NIST CSF 2.0 — PR.PT, DE.CM evidence
  • CIS Controls v8 — 13.x Firewall
  • NIS 2 — Art. 21 measures
  • Security Audit — generic template

> rest_api

240+ REST endpoints

  • Auth: Bearer token from Settings → API
  • GET /api/v1/firewalls — list connected devices
  • GET /api/v1/events?severity=high&since=24h
  • POST /api/v1/blocklist/export — push to firewall
  • GET /api/v1/compliance/{framework}/report.pdf
  • OpenAPI spec at /api/v1/openapi.json

> troubleshooting

If something doesn't look right

  • No data showing? → confirm UDP 1514 reachable from firewall
  • Vendor not detected? → check Settings → Detection Log
  • PDF report failing? → see /var/log/shieldlens/reports.log
  • License key rejected? → confirm clock skew < 60s
  • Need help? → hello@elevian.io

> sample_reports

Want to see a real compliance PDF?

We can send you a sample PCI-DSS 4.0 or ISO 27001:2022 report — redacted, but produced by a real ShieldLens install. No credit card, no sales call.

Generate your own reportRequest a sample

> changelog

Recent releases

v2.42026-05Smart Context Engine GA. Huawei USG6700 + WatchGuard Firebox M390 support. PDF report builder rewritten.
v2.32026-02NIS 2 framework added. Published Services Intelligence with geo heatmap. F5 BIG-IP HSL ingestion.
v2.22025-11Multi-tenant MSSP mode. PCI-DSS 4.0 controls refresh. Barracuda CloudGen support.
v2.12025-08Cisco FTD + Check Point Log Exporter parsers. Smart Block List GA. OPNsense added.