• United States



UK Editor

UK NCSC ends Logging Made Easy support, warns businesses against continued use

Jan 25, 20232 mins
Security Information and Event Management SoftwareThreat and Vulnerability Management

The UK’s National Cyber Security Centre is ending support for the LME project to divert resources to new initiatives designed to help protect the UK’s cyber infrastructure.

11 event logging
Credit: Getty Images

The UK’s National Cyber Security Centre (NCSC) has announced that it will be ending its support for the Logging Made Easy (LME) project from March 31, 2023. LME is an open-source project that pulls together multiple pieces of free software to provide basic logging of security information on enrolled Windows devices. Whilst it has been a useful tool for simplified entry to a security information and event management (SIEM) system for anyone managing a fleet of Windows-based device, the NCSC stated that this decision will allow it to divert resources to new initiatives designed to help protect the UK’s cyber infrastructure as part of the UK government’s National Cyber Strategy. The LME GitHub page will close shortly after March 31, 2023.

UK businesses warned of risks of continued Logging Made Easy use

In a blog, the NCSC wrote that, after March 31, 2023, businesses that rely on LME have two options – to continue to use LME and self-maintain the installation or to move to an alternative logging solution. However, continued use carries notable risks, it added. “Although it might be tempting to continue using LME after NCSC support has ended, there are significant risks involved in doing so. Over time, it’s likely that vulnerabilities will be discovered in the libraries that LME uses. If you’re maintaining your own LME installation, you’ll need to make sure that all vulnerabilities are updated as soon as practicable. The NCSC previously carried out this work, for example with the Log4j vulnerabilities.” The NCSC therefore recommended that LME users migrate to alternative logging tools unless they are confident in their ability to manage the security updates.

For businesses that decide to move on from LME and explore other open-source alternatives designed to help with security monitoring, the NCSC cited the following, non-commercial options).

Alternative option

Further information

Security Onion

Has documentation to help use various log types, including integrating Sysmon for Windows networks

Elastic (ELK) Stack

Has documentation describing use of Elastic Agent to collect log data from systems, including Windows

Windows Event Forwarding

Useful for larger organisations

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author