// the find
aceberg/WatchYourLAN
Lightweight network IP scanner written in Go. With notifications, history, export to Grafana
WatchYourLAN is an ARP-based network scanner that runs on your LAN, maintains a host inventory, and alerts you when an unknown device shows up. It's aimed at self-hosters who want passive intrusion detection without standing up something like Zabbix or Nessus.
Shoutrrr integration is the right call — one library covers Telegram, Slack, Gotify, ntfy, email, and a dozen others without you having to wire each notification channel yourself. SQLite-by-default with a Postgres upgrade path is sensible for a tool that most people run on a Pi. Multi-arch Docker builds including arm_v5/v6/v7 means it actually runs on the cheap hardware people use for this. The InfluxDB2 + Prometheus dual export means you can drop it into whichever metrics stack you already have rather than adopting a new one.
ARP scanning only sees layer-2 neighbors, so anything behind a router on a different subnet is invisible — the 'intrusion detection' angle in the topics is aspirational at best for anyone with a segmented network. No built-in auth is a real gap: the workaround (Authelia + host networking) is awkward because host network mode means the port is always exposed and you're relying on the user to firewall it correctly. The frontend is a React SPA served from the Go binary, but the Go backend still pulls Bootstrap themes and fonts from the internet by default, which breaks in air-gapped setups unless you stand up the separate node-bootstrap container — a dependency that shouldn't exist. History trimming defaults to 48 hours, which means if you don't tune TRIM_HIST early you'll lose context on when a device first appeared.