Log filter to see only denied requests at "Tail pihole.log"

If you look at the current output of /var/log/pihole.log

Apr 28 11:36:01 dnsmasq[7998]: query[A] logger.foxitcloud.com from 10.0.10.136
Apr 28 11:36:01 dnsmasq[7998]: gravity blocked logger.foxitcloud.com is 0.0.0.0
Apr 28 11:36:13 dnsmasq[7998]: query[A] logger.foxitcloud.com from 10.0.10.136
Apr 28 11:36:13 dnsmasq[7998]: gravity blocked logger.foxitcloud.com is 0.0.0.0
Apr 28 11:36:28 dnsmasq[7998]: query[A] www.google.com from 10.0.99.192
Apr 28 11:36:28 dnsmasq[7998]: forwarded www.google.com to 127.0.0.1
Apr 28 11:36:28 dnsmasq[7998]: reply www.google.com is 172.217.23.132
Apr 28 11:36:28 dnsmasq[7998]: query[AAAA] www.google.com from 10.0.99.192
Apr 28 11:36:28 dnsmasq[7998]: forwarded www.google.com to 127.0.0.1
Apr 28 11:36:28 dnsmasq[7998]: reply www.google.com is 2a00:1450:4001:81e::2004
Apr 28 11:36:31 dnsmasq[7998]: query[A] logger.foxitcloud.com from 10.0.10.136
Apr 28 11:36:31 dnsmasq[7998]: gravity blocked logger.foxitcloud.com is 0.0.0.0
Apr 28 11:36:53 dnsmasq[7998]: query[A] ping.ubnt.com from 10.0.1.1
Apr 28 11:36:53 dnsmasq[7998]: forwarded ping.ubnt.com to 127.0.0.1
Apr 28 11:36:53 dnsmasq[7998]: reply ping.ubnt.com is <CNAME>
Apr 28 11:36:53 dnsmasq[7998]: reply dl.ubnt.com is <CNAME>
Apr 28 11:36:53 dnsmasq[7998]: reply d2cnv2pop2xy4v.cloudfront.net is 99.84.152.160

you can already see where the request originated from (query[A] logger.foxitcloud.com from 10.0.10.136) and that it was later blocked (gravity blocked logger.foxitcloud.com is 0.0.0.0). As this logging is at least a two-step process (what is the query and where is it from; what should happen with the query and what was the answer), it is impossible to filter it "live", because at the moment the query is seen pihole doesn't know if it will be blocked.

But you already got a nice tool to analyze exactly what you want: the query log. All recent queries are displayed even with their origin and reply status. It is not live but if you refresh you get the latest queries. (Even in my home network with few active devices the live view is way too fast to really analyse it visually as long as scrolling is activated - with scrolling disabled I see no benefit to the query log.)

At the moment you can't filter for status - but this is already in development.

1 Like
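The two-step logging described in the post above can be joined outside Pi-hole by holding each query line until the verdict line for the same domain arrives. This is an added example, not part of the original post or of Pi-hole itself; the function name `blocked_queries`, the `max_pending` cap and the handling of `cached` lines are assumptions, and `SAMPLE` reuses lines from the excerpt above.

```python
import re
import sys
from collections import defaultdict, deque

# Line layout taken from the excerpt in the post above.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: (.*)$")
QUERY = re.compile(r"^query\[(\w+)\] (\S+) from (\S+)$")
# "gravity blocked" and "forwarded" appear in the excerpt; "cached" is
# dnsmasq's line for answers served from its cache (not shown in the post).
VERDICT = re.compile(r"^(gravity blocked|forwarded|cached) (\S+) ")

def blocked_queries(lines, max_pending=16):
    """Yield one dict per blocked query, joined with the client that sent it."""
    # domain -> queries still waiting for a verdict (capped per domain)
    pending = defaultdict(lambda: deque(maxlen=max_pending))
    for raw in lines:
        line = LINE.match(raw.rstrip("\n"))
        if not line:
            continue
        ts, msg = line.groups()
        query = QUERY.match(msg)
        if query:
            qtype, domain, client = query.groups()
            pending[domain].append((ts, qtype, client))
            continue
        verdict = VERDICT.match(msg)
        if not verdict or not pending.get(verdict.group(2)):
            continue  # reply lines, or a verdict with no query on record
        action, domain = verdict.groups()
        asked_at, qtype, client = pending[domain].popleft()
        if not pending[domain]:
            del pending[domain]
        if action == "gravity blocked":
            yield {"time": asked_at, "client": client, "type": qtype, "domain": domain}

# Sample input: lines copied from the log excerpt in the post.
SAMPLE = [
    "Apr 28 11:36:01 dnsmasq[7998]: query[A] logger.foxitcloud.com from 10.0.10.136",
    "Apr 28 11:36:01 dnsmasq[7998]: gravity blocked logger.foxitcloud.com is 0.0.0.0",
    "Apr 28 11:36:28 dnsmasq[7998]: query[A] www.google.com from 10.0.99.192",
    "Apr 28 11:36:28 dnsmasq[7998]: forwarded www.google.com to 127.0.0.1",
    "Apr 28 11:36:28 dnsmasq[7998]: reply www.google.com is 172.217.23.132",
    "Apr 28 11:36:31 dnsmasq[7998]: query[A] logger.foxitcloud.com from 10.0.10.136",
    "Apr 28 11:36:31 dnsmasq[7998]: gravity blocked logger.foxitcloud.com is 0.0.0.0",
]

if __name__ == "__main__":
    # Piped input (e.g. from tail -F /var/log/pihole.log) is read as a stream.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for hit in blocked_queries(source):
        print(f'{hit["time"]} {hit["client"]} {hit["type"]} {hit["domain"]}')
```

Because the function is a generator, each blocked request is printed as soon as its verdict line is read, so the output lags the log by only that one line.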