Hi, it is some way how to add a list of "danger" websites. Allow access to them. But then filter the log by this list to get what client accessed it, what page from that list? We got a list of potentially dangerous websites but I do not want to block them straight away. I just want to make some statistics on what pages from that list are accessed and how often. Thanks
Your best approach may be to output the domains queried as stored in the query database, then outside of Pi-hole compare those domains to the domains shown on your watch list.
This command will output all queries for the duration of the database:
sqlite3 /etc/pihole/pihole-FTL.db "select domain from queries group by domain order by domain"
This command will output all queries not blocked for the duration of the database:
sqlite3 /etc/pihole/pihole-FTL.db "select domain from queries where WHERE status IN (2,3,12,13,14) group by domain order by domain"
This command will output all queries from a specific client in the past 24 hours:
sqlite3 /etc/pihole/pihole-FTL.db "SELECT domain FROM queries WHERE client='192.168.0.140' AND timestamp>='$(($(date +%s) - 86400))'" | sort | uniq -c | sort -n -r
Details on the query database structure appear here in our documentation: