UK NCSC ends Logging Made Easy support, warns businesses against continued use

The UK’s National Cyber Security Centre is ending support for the LME project to divert resources to new initiatives designed to help protect the UK’s cyber infrastructure.

11 event logging
Getty Images

The UK’s National Cyber Security Centre (NCSC) has announced that it will be ending its support for the Logging Made Easy (LME) project from March 31, 2023. LME is an open-source project that pulls together multiple pieces of free software to provide basic logging of security information on enrolled Windows devices. Whilst it has been a useful tool for simplified entry to a security information and event management (SIEM) system for anyone managing a fleet of Windows-based device, the NCSC stated that this decision will allow it to divert resources to new initiatives designed to help protect the UK’s cyber infrastructure as part of the UK government’s National Cyber Strategy. The LME GitHub page will close shortly after March 31, 2023.

UK businesses warned of risks of continued Logging Made Easy use

In a blog, the NCSC wrote that, after March 31, 2023, businesses that rely on LME have two options – to continue to use LME and self-maintain the installation or to move to an alternative logging solution. However, continued use carries notable risks, it added. “Although it might be tempting to continue using LME after NCSC support has ended, there are significant risks involved in doing so. Over time, it’s likely that vulnerabilities will be discovered in the libraries that LME uses. If you’re maintaining your own LME installation, you’ll need to make sure that all vulnerabilities are updated as soon as practicable. The NCSC previously carried out this work, for example with the Log4j vulnerabilities.” The NCSC therefore recommended that LME users migrate to alternative logging tools unless they are confident in their ability to manage the security updates.

For businesses that decide to move on from LME and explore other open-source alternatives designed to help with security monitoring, the NCSC cited the following, non-commercial options).

Alternative option

Further information

Security Onion

Has documentation to help use various log types, including integrating Sysmon for Windows networks

Elastic (ELK) Stack

Has documentation describing use of Elastic Agent to collect log data from systems, including Windows

Windows Event Forwarding

Useful for larger organisations

Copyright © 2023 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)