DEV.co
Open-Source DevOps · aceberg

WatchYourLAN

WatchYourLAN is a lightweight Go-based network IP scanner with a web UI that detects devices on your LAN, tracks their online/offline history, and sends notifications when new hosts appear. It can export metrics to InfluxDB2 or Prometheus for Grafana dashboards.

Source: GitHub — github.com/aceberg/WatchYourLAN
7.1k
GitHub stars
245
Forks
Go
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryaceberg/WatchYourLAN
Owneraceberg
Primary languageGo
LicenseMIT — OSI-approved
Stars7.1k
Forks245
Open issues58
Latest release2.1.4 (2025-09-10)
Last updated2025-09-10
Sourcehttps://github.com/aceberg/WatchYourLAN

What WatchYourLAN is

Go application using ARP scanning (via arp-scan binary) to discover network devices, storing history in SQLite or PostgreSQL. Exposes a web GUI on port 8840, integrates with Shoutrrr for multi-channel notifications, and exports metrics via InfluxDB2 and Prometheus endpoints.

Quickstart

Get the WatchYourLAN source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/aceberg/WatchYourLAN.gitcd WatchYourLAN# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Home/Small Office Network Monitoring

Lightweight scanner ideal for monitoring a small LAN (home or small business) to detect new/unauthorized devices and track device availability over time without heavy infrastructure.

Network Intrusion Detection & Alerting

Sends real-time notifications (Discord, Telegram, Email, Gotify, Matrix, etc. via Shoutrrr) when new hosts are discovered, useful for detecting unexpected network activity.

Grafana Dashboarding & Metrics Visualization

Export to InfluxDB2 or Prometheus enables historical tracking and rich visualization of network device status, uptime trends, and host population changes in Grafana.

Implementation considerations

  • Requires host network mode in Docker; port 8840 will be exposed on the host interface—must restrict access via firewall or reverse proxy.
  • Depends on arp-scan binary (external system tool); verify it is installed in your container/VM and compatible with your network interfaces.
  • Configure timezone (TZ), network interfaces (IFACES), and scan timeout (TIMEOUT) carefully; incorrect interface names will cause no scans.
  • For production, choose PostgreSQL over SQLite for better concurrency and data durability; SQLite history may accumulate—use TRIM_HIST to manage size.
  • Notifications require Shoutrrr URL configuration; test URLs early to avoid silent failures when new hosts are detected.

When to avoid it — and what to weigh

  • Large Enterprise Networks — ARP-based scanning does not scale well to large subnets or complex multi-VLAN environments. Enterprise-grade IPAM/network monitoring tools (Nessus, Zabbix, Netbox) are better suited.
  • Built-in Authentication Required — No native authentication; requires external SSO (Authelia, ForAuth) or firewall rules. Not suitable if you need RBAC or audit logging out-of-the-box.
  • High-Security Compliance Environments — Lacks formal security audit, FIPS certification, or detailed security hardening documentation. Single-developer project may not meet enterprise compliance or SLA requirements.
  • Windows-Only Infrastructure — Requires Linux/Docker container and arp-scan binary; no native Windows GUI. Not practical for Windows-centric networks without containerization.

License & commercial use

MIT License: permissive open-source license allowing commercial use, modification, and redistribution with attribution. No license restrictions on derivative works or commercial deployment.

MIT License permits commercial use without restriction. However, this is a single-developer open-source project with no commercial support, SLA, or indemnification. Commercial users should review their risk tolerance for security updates and maintenance.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

No built-in authentication—external SSO or firewall rules mandatory. Host network mode exposes port 8840 directly; use reverse proxy with TLS. Single developer; no formal security audit or CVE disclosure process documented. arp-scan binary is external system tool with own security posture. Shoutrrr URLs and DB credentials must be managed securely (env vars, secrets manager).

Alternatives to consider

Nessus / Tenable

Enterprise-grade network discovery and vulnerability scanning; best for large, complex networks and compliance-heavy environments, but significantly higher cost and complexity.

Zabbix

Full-featured monitoring suite with network discovery, alerting, and Grafana integration; scales to large networks, but steeper learning curve and resource overhead.

Netbox

IP address management (IPAM) with network device tracking; better for documentation and multi-site management, but not real-time monitoring-focused.

Software development agency

Build on WatchYourLAN with DEV.co software developers

WatchYourLAN is lightweight and self-hosted. Deploy via Docker today and get real-time device detection with Grafana dashboards. Perfect for small networks and home labs.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

WatchYourLAN FAQ

Does WatchYourLAN support IPv6?
Not clearly stated in provided data. arp-scan is ARP-based (IPv4 only). Requires review of source code or detailed docs for IPv6 support status.
How much historical data can it store?
SQLite/PostgreSQL stores history with configurable retention (TRIM_HIST, default 48 hours). Long-term retention best achieved via InfluxDB2 export; TRIM_HIST controls local DB size.
Can I use WatchYourLAN on Windows?
No native Windows binary provided. Docker on Windows (WSL2) is the recommended path, but requires Docker Desktop and host network mode complexity.
Is there built-in user authentication?
No. Use external SSO tools (Authelia, ForAuth) or firewall/reverse proxy rules to secure access. README includes docker-compose-auth.yml example.

Custom software development services

Adopting WatchYourLAN is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source devops software in production.

Ready to Monitor Your Network?

WatchYourLAN is lightweight and self-hosted. Deploy via Docker today and get real-time device detection with Grafana dashboards. Perfect for small networks and home labs.