Audit Log

The idea is to create an Audit log page, that looks maybe something link this:

| Permitted domains                 | Blocked domains                           |
|    [Accept] [Blacklist] | [Accept] [Whitelist] |
|     [Accept] [Blacklist] |       [Accept] [Whitelist] |
| [Accept] [Blacklist] | *      [Accept] [Whitelist] |
| ...                               | ...                                       |

The list will contain all lists that have been found in the Pi-hole log. Once, you click on [Accept], it will be removed from this table and saved in some list, so that it wouldn't be shown in the future. However, it will also give you the option to [White-/Blacklist] this domain with one single click (and hide it afterwards as well, since you have decided what will happen with it).


Made it better visible. It is already hidden in here.

Actually I'm the annoying sh*t who keeps asking for this :relaxed:


Having the ability to view hits per domain (sorted by highest to lowest, but reverse sorting would be a neat optional thing) is hugely useful, given I already use the "Top Domains" feature on the dashboard in this fashion!

The required changes have been implemented in the FTL engine and can be used by adding for audit to the commands (e.g. via telnet). Like

>top-ads for audit

I implemented this as well in the backend (add desc, like in >top-ads desc), but let's see what changes are necessary in the PHP API. Next steps are the implementation in the web interface and the connected core changes to add new accepted files to the audit list file.



You can join testing the development version while still in progress via:

sudo pihole checkout web new/audit-log
sudo pihole checkout core new/auditlog

Note that you will need FTL v2.6 for the audit log

@r0ckarong @WaLLy3K

I'm interested in your opinion. Currently, I don't feel like I should implement the descending order property. The web interface part is still marked as [Work in progress] to indicate that it has not been finished (maybe?).

The domains are stored in /etc/pihole/auditlog.list which is a file that is hard-coded in FTL.

I have switched to the dev branch you mentioned above and have access to the WIP state.

To properly understand the "Audit" button adds this to "auditlog" and ignores this from future listing yes?

Number of items in auditlog.list should be displayed in gravity output imho.

Otherwise this is really useful and pretty much what I though of initially. This makes filtering "new" domains that keep cropping up much easier to manage.

Can you add some functionality to the audit log page that registers when you have made changes to black/whitelist and prompts you to Update the lists? A fat button "Update lists" would be helpful too. It's somewhat unintuitive to make changes to abstract lists and then having to pull up what looks and feels like an update tool to write these changes.



I see what you mean and will think about how to implement that best

Implemented. Will be included in the next release.


Hey, sry for this but I cant find the solution.
I pressed the button "Audit" for 2 domains on the Audit Log Page. How can I undo this? Where can I find the domains I added to auditing? It looks like these domains arent blocked anymore.

The audit log entries are in /etc/pihole/auditlog.list

Edit that file to remove the erroneous entries, then restart pihole-FTL with sudo service pihole-FTL restart


A post was split to a new topic: Can not access audit log

A post was split to a new topic: What does the audit log do