In this video, I walk through how to self-host NetAlertX, an open-source network discovery and monitoring tool that discovers devices on your network, even some your firewall might miss. Many plugins are available to enrich the data, and you can get alerts when something changes.
Chapters
00:00 Do you know what’s on your network?
01:17 What is NetAlertX and why use it
03:18 NetAlertX Docker Compose Setup
03:42 Configuring NetAlertX Networking
05:58 Running and Scheduling Network Discovery Scans
09:00 NetAlertX Plugins
09:38 UniFi Plugin
10:33 Discovered Devices and Monitoring
13:00 Manual and Auto NMAP Scans
14:50 Import Export and Maintenance
In general you can run as many containers as you want, as long as enough resources are available.
Do note that running a tool like this and allowing it to access multiple networks/VLANs could require additional network configuration, which could conflict with your Kasm installation.
I have it deployed via Docker and it’s scanning everything on the current VLAN. I’m trying to get it to scan my other VLANs. I have pfSense and on the VLAN that I wanted scanned, I have this rule:
[Screenshot: TheWall.jrfam.net - Firewall Rules LAN]
It’s not discovering. I’m not sure if the port is right, that’s the web interface port.
I have the same question: trying to discover systems on different VLANs. I checked and found I could ping other systems on different VLANs from the NetAlertX container, but those systems are not discovered by NetAlertX.
Depends on what you mean by tagging. The switch port would need to be in every VLAN/subnet you have. Next step, the host connected to that port needs to be configured with an IP address in each and every network.
If that device gets compromised, the attacker will have access to all your networks.
A macvlan in Docker will not solve that alone. You still need all that I mentioned in the other comment. Switch and host need to have a leg in each of your networks. You don’t want that!
If you did all that, then you can use containers with macvlan to give that container a real IP from the subnet. Typically you use this when you want the container directly addressable without container-to-host port mapping.
That tool may be good for someone with a single flat network. For people with a proper network infrastructure, such a tool should have a design with a central UI server, and then you can, for example, deploy agents in each subnet. The agents report their data to the central server for viewing and management.
That would be much more secure than building a device that basically has a leg in each subnet.
This bit is still very confusing. This is in a VM on XCP-NG.
I treat this as a normal VLAN. It’s passing untagged frames from the system’s perspective, but of course my hypervisor is connected to Layer 2 throughout.
Because it’s not covered at all in the video, I assume the VM needs to tag its own packets instead of the hypervisor doing it? Not really clear here… And others had the same question. Shame this was glossed over completely in the video, as scanning other networks is kinda the point.
edit: Figured it out. If you are running XCP-NG, attach multiple VIFs to your VM for each VLAN you want it to have access to. Then run “ip link show” on your VM (if it’s Linux). You should see those new interfaces. Then configure DHCP on each one - I had to configure a netplan - and that’s it… done…
edit: adding multiple VIFs doesn’t seem to help NetAlertX to scan multiple subnets. Whatever Tom did in the video to get his VM accessible to multiple VLANs at Layer 2 (not Layer 3; we’re not routing) I have no idea. For now, NetAlertX works only on a single VLAN.
I did not gloss over that, as I state at the 3:50 mark in the video where I show how to set up the networking.
For some more clarity: if you are running on bare metal, then make sure the system is attached to a trunk port with access to all the VLANs you want to attach to. If you are running in XCP-ng as I am, make sure the VIF is able to access all VLANs.
@LTS_Tom Just need a bit of guidance here. In your VM, are you using multiple VIFs (which I don’t believe you are doing, based on the video), or did you set up trunking in the Debian system?
It seems you are trunking that one interface, but I guess I want to know who is doing the VLAN tagging? The virtual machine, I assume?
Can you share just the snippet of your config? Just the network piece.
“If you are running in XCP-ng as I am, make sure the VIF is able to access all VLANs.”
Here is my VIF… How do I make this talk to multiple VLANs?
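As an added illustration of the single-trunked-VIF approach discussed above (this is example configuration, not Tom’s or the NetAlertX project’s own), here is a netplan file for a Debian/Ubuntu VM where the guest does the 802.1Q tagging itself. It assumes the VIF is attached to the untagged network of a trunked XCP-ng PIF so tagged frames reach the guest, that the parent interface is named eth0, and that the VLAN IDs and addresses (placeholders) match your own networks.

```yaml
# Example netplan configuration (assumed file: /etc/netplan/50-vlans.yaml).
# One VIF (eth0) on a trunk port; the VM creates one 802.1Q sub-interface per VLAN.
# VLAN IDs and addresses below are made-up placeholders; replace with your own.
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: false      # parent carries only tagged frames; it gets no IP itself
      dhcp6: false
  vlans:
    vlan10:             # management VLAN: the host's only default route comes from here
      id: 10
      link: eth0
      dhcp4: true
    vlan20:             # scanned VLAN: static on-link address, deliberately no gateway
      id: 20
      link: eth0
      addresses: [198.51.100.5/24]
    vlan30:             # another scanned VLAN, same pattern (Layer 2 presence only)
      id: 30
      link: eth0
      addresses: [203.0.113.5/24]
# Check after `netplan apply`: `ip -br addr` should list vlan10/vlan20/vlan30 with
# their addresses, and ARP-based discovery now sees hosts on each as on-link
# neighbours, so no firewall rule between VLANs is needed for the scan itself.
# This host now has a leg in every VLAN listed, which is exactly the exposure the
# thread warns about: restrict inbound access to it with firewall rules on each VLAN.
```

If NetAlertX runs in Docker, the container must use host networking (or a macvlan, as noted above) to see these sub-interfaces, and each subnet is then listed with its interface in the SCAN_SUBNETS setting (for example `198.51.100.0/24 --interface=vlan20`).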