"Disable Query Logging" does not stop all logging

Please follow the below template, it will help us to help you!

Expected Behaviour:

Query log is never written to nonvolatile storage, and thus is not persisted across reboots

Actual Behaviour:

Query log is persisted across reboots, even though query log was set to off during install and pihole -l off noflush was used

Debug Token:

utrbeyy2yt

Pi-Hole has two logs/databases. You have turned off logging to one of the two.

The pihole.log is toggled with the pihole -l command and on the Admin GUI (settings > System) in the orange box labeled "Disable Query logging."

pihole -l -h
Usage: pihole logging [options]
Example: 'pihole logging on'
Specify whether the Pi-hole log should be used

Options:
  on                  Enable the Pi-hole log at /var/log/pihole.log
  off                 Disable and flush the Pi-hole log at /var/log/pihole.log
  off noflush         Disable the Pi-hole log at /var/log/pihole.log

There is a second file, the long term database, that stores data for a default of 365 days. This database is controlled from commands in the /etc/pihole/pihole-FTL.conf file.

You can verify the size of your files and access dates to see if they are active:

stat /etc/pihole/pihole-FTL.db

stat /var/log/pihole.log

The documentation below discusses the long term database and configuration options.

https://docs.pi-hole.net/ftldns/database/

https://docs.pi-hole.net/ftldns/configfile/

So you're saying that the "Disable Query Logging" button doesn't disable logging of queries?

El 30 set 2018, a les 17:35, jfb replies@support.pi-hole.net va escriure:

Disable query logging disables the pihole.log only. The long term database is separate.

Is it a log that contains queries, or am I missing something? (Serious question.)

It is a log that contains queries, and yes, you are missing something.

Pi-Hole works with two data files - one is a log, the other is a database.

In the previous version of Pi-Hole, Pi-Hole was unable to query the dnsmasq log, so a separate log was kept (/var/log/pihole.log). The new FTLDNS in V4.0 forked dnsmasq, gaining access to its inner workings and allowing it to query dnsmasq for statistics, which eliminated the need for the separate log file.

Logging to this log is controlled by Web GUI > Settings > Disable logging.

A separate SQLite database is maintained for long term query data at /etc/pihole/pihole-FTL.db

Logging to this database is controlled by variables in file /etc/pihole/pihole-FTL.conf as discussed here: Redirecting... and here: Configuration - Pi-hole documentation

What is it you are trying to accomplish? Do you want to eliminate as many writes to your SD card as possible, or just reduce them?

I'm trying to disable the logging of queries. For this, I used the "disable query log" button, after seeing that the install-time option to do the same seemed (and apparently was) nonfunctional.

In some but not all circumstances, it may be acceptable (or even desirable) for queries to be logged for a short time for troubleshooting (bonus marks for making that time configurable), but never written to disk.

If the user clicks a button that is labelled as disabling query logging, and yet queries are still logged, this is a tremendous privacy (and UX) failure — and, for a project intended to protect and enhance privacy, I hope we agree that the bar must be set higher than this.

The terminology is perhaps unclear, and a user who doesn't refer to the documentation might reasonably interpret that disabling query logging stops all logging.

The documentation is clear on the long term database and it's options for use. You can disable the database completely, should you choose to.

There is a section in the web admin GUI (Settings > Privacy) that describe DNS resolver privacy levels and allow the user to select one that meets their needs. Privacy levels are discussed in the documentation here: Privacy levels - Pi-hole documentation

To completely disable logging of all queries and for maximum privacy, these settings should meet your needs:

  1. Disable query logging and flush logs (which you have done).

  2. In /etc/pihole/pihole-FTL.conf, enter the line below, save and exit. Then sudo service pihole-FTL restart

    MAXDBDAYS=0

  3. On the web GUI (settings > privacy) - select "Paranoia mode". This corresponds to privacy level 4 in the documentation.

  4. Delete any existing pihole.log variants and the SQL database.

As features have been added over time, perhaps a future release can improve the presentation of the logging and privacy options to the user.

I recommend you submit a feature request for any changes to the user interface that would improve the user interface or clarify the available privacy and logging options.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.