How do I watch and interpret the pihole.log file?

logs

#1

Use this command to watch the log file in real time:

pihole -t

which is just a short version of sudo tail -F /var/log/pihole.log

You can also do it on the web interface:

When your Pi-hole first starts up, it will read your hosts file as well as /etc/pihole/gravity.list, which is where your list of ad-serving domains is. So one of the first log entries will read like this:

Nov 13 07:45:04 dnsmasq[1055]: read /etc/hosts - 5 addresses
Nov 13 07:45:06 dnsmasq[1055]: read /etc/pihole/gravity.list - 66925 addresses

Next, you might see a query line, which is a computer asking where they can find a certain domain. For instance

Nov  4 07:28:53 dnsmasq[1045]: query[A] ntp.ubuntu.com from 192.168.1.52

So the log file shows the date, the process (dnsmasq): what the action was–an IPv4 [A] query for ntp.ubuntu.com and who it came from–someone with the IP address 192.168.1.52. If you have IPv6 enabled, you will all see query[AAAA] entries.

If the domain requested is not in the list of ad domains, it is sent to an upstream DNS server. So in this example, ntp.ubuntu.com is not an ad-serving domain, so the request is sent to Google’s DNS server to find out where it is.

Nov  4 07:28:53 dnsmasq[1045]: forwarded ntp.ubuntu.com to 8.8.4.4

Once it finds out where it is, a reply is sent to the client with the IP address

Nov  4 07:28:53 dnsmasq[1045]: reply ntp.ubuntu.com is 91.189.89.199

Next, you may want to know when an ad domain is queried. Look for /etc/pihole/gravity.list in the log file. You will see the log entry is structured the same, but the hosts file where the domain was found in is listed and then it points to your Pi’s IP address (192.168.1.20 in this example).

Nov  4 14:13:23 dnsmasq[1045]: /etc/pihole/gravity.list doubleclick.com is 192.168.1.200

How do I use Pi-hole's built in DHCP server (and why would I want to)?
The pihole Command With Examples
Block Taboola, Outbrain, etc
What files does Pi-hole use?
Whitelist hulu? Roku app fails when trying to play advert
Undetectable Spyware or Pi-Hole bug?
How to debug a website that doesn't work properly
Ad block test sites
A Security Note About Your Pi-hole Logs
How to understand the loginformation in console
Pi hole stock in dashboard query log
Amazon Firestick - Huge number of Netflix requests
Why don't some ad blocker tests work with Pi-hole?