My goal is to stand up a fully-functioning, lightweight SIEM that runs comfortably on a Raspberry Pi 4 (or similar ARM board) and watches over a small fleet of IoT devices and their gateway. The finished system must be able to: • collect logs and security events in real time through common IoT protocols • analyse and filter those events locally, flag unusual behaviour, and trigger alerts immediately • stay reliable even when bandwidth is limited, all while keeping CPU, RAM, and storage use very low I have already outlined the core requirements and kept them intentionally simple so the build remains manageable and inexpensive. Open-source tooling is preferred—think Elasticsearch, Logstash, Kibana, or anything comparably lightweight—so long as the final bundle installs cleanly and is easy to reproduce on fresh hardware. Deliverables I expect: 1. An architecture and configuration plan tailored to Raspberry Pi 4 (32- or 64-bit OS) 2. Working code / scripts that ingest logs, perform on-device correlation, and emit alerts (e.g., email, web-hook, or MQTT) 3. A brief but clear deployment guide so I can flash an SD card, boot the Pi, and be protected in one sitting 4. A quick demo dataset or test scenario proving that malicious traffic is detected and surfaced Acceptance criteria will be verified by booting the image, connecting sample IoT traffic, and seeing the alert pipeline fire without pushing CPU or memory beyond modest limits. If you have practical experience squeezing security analytics onto edge hardware and can keep the stack lightweight, this project should be straightforward.