WatchYourLAN
WatchYourLAN is a lightweight Go-based network IP scanner with a web UI that detects devices on your LAN, tracks their online/offline history, and sends notifications when new hosts appear. It can export metrics to InfluxDB2 or Prometheus for Grafana dashboards.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | aceberg/WatchYourLAN |
| Owner | aceberg |
| Primary language | Go |
| License | MIT — OSI-approved |
| Stars | 7.1k |
| Forks | 245 |
| Open issues | 58 |
| Latest release | 2.1.4 (2025-09-10) |
| Last updated | 2025-09-10 |
| Source | https://github.com/aceberg/WatchYourLAN |
What WatchYourLAN is
Go application using ARP scanning (via arp-scan binary) to discover network devices, storing history in SQLite or PostgreSQL. Exposes a web GUI on port 8840, integrates with Shoutrrr for multi-channel notifications, and exports metrics via InfluxDB2 and Prometheus endpoints.
Get the WatchYourLAN source
Clone the repository and explore it locally.
git clone https://github.com/aceberg/WatchYourLAN.gitcd WatchYourLAN# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires host network mode in Docker; port 8840 will be exposed on the host interface—must restrict access via firewall or reverse proxy.
- Depends on arp-scan binary (external system tool); verify it is installed in your container/VM and compatible with your network interfaces.
- Configure timezone (TZ), network interfaces (IFACES), and scan timeout (TIMEOUT) carefully; incorrect interface names will cause no scans.
- For production, choose PostgreSQL over SQLite for better concurrency and data durability; SQLite history may accumulate—use TRIM_HIST to manage size.
- Notifications require Shoutrrr URL configuration; test URLs early to avoid silent failures when new hosts are detected.
When to avoid it — and what to weigh
- Large Enterprise Networks — ARP-based scanning does not scale well to large subnets or complex multi-VLAN environments. Enterprise-grade IPAM/network monitoring tools (Nessus, Zabbix, Netbox) are better suited.
- Built-in Authentication Required — No native authentication; requires external SSO (Authelia, ForAuth) or firewall rules. Not suitable if you need RBAC or audit logging out-of-the-box.
- High-Security Compliance Environments — Lacks formal security audit, FIPS certification, or detailed security hardening documentation. Single-developer project may not meet enterprise compliance or SLA requirements.
- Windows-Only Infrastructure — Requires Linux/Docker container and arp-scan binary; no native Windows GUI. Not practical for Windows-centric networks without containerization.
License & commercial use
MIT License: permissive open-source license allowing commercial use, modification, and redistribution with attribution. No license restrictions on derivative works or commercial deployment.
MIT License permits commercial use without restriction. However, this is a single-developer open-source project with no commercial support, SLA, or indemnification. Commercial users should review their risk tolerance for security updates and maintenance.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
No built-in authentication—external SSO or firewall rules mandatory. Host network mode exposes port 8840 directly; use reverse proxy with TLS. Single developer; no formal security audit or CVE disclosure process documented. arp-scan binary is external system tool with own security posture. Shoutrrr URLs and DB credentials must be managed securely (env vars, secrets manager).
Alternatives to consider
Nessus / Tenable
Enterprise-grade network discovery and vulnerability scanning; best for large, complex networks and compliance-heavy environments, but significantly higher cost and complexity.
Zabbix
Full-featured monitoring suite with network discovery, alerting, and Grafana integration; scales to large networks, but steeper learning curve and resource overhead.
Netbox
IP address management (IPAM) with network device tracking; better for documentation and multi-site management, but not real-time monitoring-focused.
Build on WatchYourLAN with DEV.co software developers
WatchYourLAN is lightweight and self-hosted. Deploy via Docker today and get real-time device detection with Grafana dashboards. Perfect for small networks and home labs.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
WatchYourLAN FAQ
Does WatchYourLAN support IPv6?
How much historical data can it store?
Can I use WatchYourLAN on Windows?
Is there built-in user authentication?
Custom software development services
Adopting WatchYourLAN is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source devops software in production.
Ready to Monitor Your Network?
WatchYourLAN is lightweight and self-hosted. Deploy via Docker today and get real-time device detection with Grafana dashboards. Perfect for small networks and home labs.