Likely unrelated to your problem, but noted in your debug log. You have a number of regex entries that won't work - https is not part of the domain name.
Thanks for pointing this out. I was thinking that there is nearly no benefit of only 0-1h of logs when RAM logging is enabled (not allowing statistical analysis), but actually for debugging recent DNS queries from console it has still some use.
The tail looks like they are actually not filling fast, but /var/log was never cleared because cron.service was masked, breaking also Pi-hole's own log rotation and update checks.
You mean you do run pihole -t on the console or parse /var/log/pihole/pihole.log manually by times? Then I think RAM logging isn't suitable, since you'll only have one hour of logs in this file (not affecting the web UI/dashboard), when clearing logs works as intended.
No, I use the web dashboard and use the query log to quick add new domains to the blacklist.
PS: I turned off logging recently and flushed the logs so its no longer full but yeah I too would like to know why its filling up so soon.
I ran ls -lha /var/log/pihole and again you can see pihole.log filling up really quickly.
total 4.0M
drwxr-xr-x 2 pihole pihole 100 Sep 15 11:53 .
drwxr-xr-x 6 root root 260 Sep 4 14:11 ..
-rw-r--r-- 1 pihole pihole 75K Sep 18 02:26 FTL.log
-rw-r----- 1 pihole pihole 3.8M Sep 18 03:24 pihole.log
-rw-r----- 1 root pihole 87K Sep 17 16:27 pihole_debug.log
Another thing, I added one more computer (a windows computer) onto the pihole network. Is there any reason why a windows gaming computer would fill up the log quickly?
Then I'd say you do not need this file query logging. However, with logs being cleared hourly it wouldn't hurt either.
Your /boot/dietpi content shows that .installed is missing, which should be present if first run setup was finished one time. Could you show:
cat /boot/dietpi/.install_stage
If it shows 0 or 1, please run dietpi-software and simply select "Install". If it shows 2, please run dietpi-software install 103, which reconfigures the RAM disk, being a noop, but also sets the logging choice variable in /boot/dietpi/.installed for the hourly cron job to clear logs. Aside of the masked cron service, this is a second reason why currently logs are not cleared.
Are you sure that this added computer is causing the logs? From the top clients stats (which are coming from the database, not from the log file), no client has an exceptionally high number of queries. But yeah, finding the culprit in /var/log/pihole/pihole.log is key.
If it shows 0 or 1 , please run dietpi-software and simply select "Install".
Is it a fresh install? Will I loose all blacklists etc?
Are you sure that this added computer is causing the logs? From the top clients stats (which are coming from the database, not from the log file), no client has an exceptionally high number of queries. But yeah, finding the culprit in /var/log/pihole/pihole.log is key.
No I don't think that, was just sharing I had a new device connected to the pihole.
If it shows 0 or 1 , please run dietpi-software and simply select "Install".
I ran it and now set log system to DietPi-RAMlog #1 which is hourly clear. Does this mean that my query logs from the web UI will flushed hour or hour?
After the setup I again ran cat /boot/dietpi/.install_stage and when I got a response 2 I ran dietpi-software install 103 which gave me the below.
[ OK ] DietPi-Software | Initialised database
[ OK ] DietPi-Software | Reading database
DietPi-Software
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Mode: Automated install
[ INFO ] DietPi-Software | 103: DietPi-RAMlog is already installed
[ INFO ] DietPi-Software | Use "dietpi-software reinstall 103" to force rerun of installation and configuration steps for DietPi-RAMlog.
[ OK ] DietPi-Software | No changes applied for: DietPi-RAMlog
No, it does not touch any installed software. It's the first run setup dialog. Actually it should show up on login as long as /boot/dietpi/.install_stage is not set to 2, so I'm not 100% sure how you could have skipped/missed it .
Not the ones from the web UI, only the ones from the pihole.log. By default, Pi-hole logs DNS queries redundant to two places: /var/log/pihole/pihole.log and /etc/pihole/pihole-FTL.db. Only the second is used by the web UI, the first is used when running pihole -t from console.
It does .
Cron looks fine now. Also Pi-hole's log rotation ran successfully already. Due to hourly cron, the log file sizes should now stay below 1 MiB. It's still large, so you may still want to check the pihole.log for something unexpected. Probably a client spams PTR (reverse DNS) requests or so.