xoriin/netmap

NetMap is a self-hosted dashboard for keeping an eye on a home lab or small office network. The single Docker container bundles a web UI, an API, a database, and a syslog receiver, so there is nothing extra to orchestrate. The author describes it as one application that knows what is on your network, where it sits, and whether it is behaving, with no cloud account, no subscription, and no telemetry sent out. The core feature is a topology canvas where you draw your network. You add devices, draw links between them, group things into VLANs or clusters, and annotate them. A force-directed layout arranges nodes automatically, and you can move and lock them into place. Layouts are saved, multiple named sites are supported (so home, lab, and an off-site location stay separate), and the device-type icons include server, workstation, switch, router, firewall, access point, camera, phone, VPN, and cloud endpoint. The inventory itself is a searchable and filterable table with bulk-edit support. Monitoring runs continuously in a background thread independent of the UI. Each device gets ICMP ping with an RTT history graph, optional TCP port checks, a heartbeat strip showing the last 30 poll results as a colour bar, and a rolling uptime percentage. The IPAM module tracks subnets, VLANs, and individual address assignments (static, DHCP, or reserved), imports DHCP leases from a router lease file, shows a per-subnet grid of used and free addresses, and flags duplicate assignments. Firewall log handling is built in. NetMap listens for syslog over UDP and TCP on port 5514 (mapped from 1514 inside the container) and accepts RFC 5424 or 3164 sources, with examples named for pfSense, OPNsense, and Unifi. The browser can live-tail the stream, search by IP, protocol, port, or action, and each event is matched against the inventory so a log line links back to a device card. Default retention is seven days, and an allowlist limits which senders may submit logs. A network-discovery feature runs Nmap against a subnet and pre-populates the new device records with hostnames, MAC addresses, and open ports. Extras include built-in ping, traceroute, TCP connect, DNS lookup, and a subnet calculator, plus alert rules that fan out to ntfy, Telegram, Signal, or SMTP email with a cooldown per rule. Access control offers four roles (SuperAdmin, NetworkAdmin, SecurityAnalyst, Viewer) with customisable permissions, and exports cover PDF reports, CSV and JSON dumps, full backup and restore, and an audit log of writes. Installation is a docker-compose.yml plus two generated secrets, SECRET_KEY and a Fernet MASTER_KEY. NetMap is licensed under GPL-3.0.