Documentation
Logging Made Easy
CISA’s Logging Made Easy (LME) is a no-cost, open-source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure. Whether you’re upgrading from a previous version or deploying for the first time, LME offers a scalable, efficient solution for logging and endpoint security.
Check out the LME introduction video here.
Who is Logging Made Easy for?
LME is for everyone from single IT administrators with a handful of devices in their network to small and medium-sized agencies. Really, for anyone! LME is intended for organizations that:
- Need a log management and threat detection system.
- Do not have an existing Security Operations Center (SOC), Security Information and Event Management (SIEM) solution or log management and monitoring capabilities.
- Have limited budget, time or expertise to set up and manage a logging and threat detection system.
Installation
Please view the install guide.
Updates
For LME’s 2.0 release, we’re introducing several new features and architectural components to improve Security Information and Event Management (SIEM) capabilities while simplifying overall use of LME:
- Enhanced Threat Detection and Response: Integrated Wazuh’s and Elastic’s open-source tools, along with ElastAlert, for improved detection accuracy and real-time alerting.
- Security by Design: Introduced Podman containerization and encryption to meet the highest security standards.
- Simplified Installation: Added Ansible scripts to automate deployment for faster setup and easier maintenance.
- Custom Data Visualization: Design and customize dashboards with Kibana to meet specific monitoring needs.
- Comprehensive Testing: Expanded unit testing and threat emulation ensure system stability and reliability.
LME 2.0 is fully operational and built to deliver effective log management and threat detection. As part of our commitment to continuous improvement, future updates, including version 2.1, will introduce additional enhancements for scalability and deployment flexibility.
Questions and Community Engagement:
We encourage users to connect and engage with the LME community via GitHub Discussions.
If you’re troubleshooting your installation, be sure to utilize our troubleshooting documentation.
If you have a question regarding LME (technical matters, installation issues, service bugs, etc.) or just general questions, please utilize GitHub Discussions. Before starting a new discussion, please take a moment to review previously submitted questions to determine if your inquiry has already been addressed. If it has not, feel free to submit a new discussion and the technical team will do their best to answer you in a timely fashion.
If you believe you have found a bug or issue with LME code or documentation, please submit a GitHub issue. Please review current issues to see if the problem you are experiencing has been previously addressed or has an open issue.
If you would like to connect with the LME technical team in a 1:1 support session, please fill out this form. In these sessions, we can help users troubleshoot technical issues they are encountering with their installation, and we can gather feedback from users regarding the tool and improvements that can be made. Please note that these sessions depend on the technical team’s availability, and it may take a few weeks for us to reach out to you for scheduling.
Share Your Feedback:
Your input is essential to the continuous improvement of LME and to ensure it best meets your needs. Take a few moments to complete our LME Feedback Survey. Together, we can improve LME’s ability to secure your organization!