Query Log -> Able to query blocked or forwarded only

Geekologist · September 14, 2018, 5:20pm

Hello,

as the title say, an option to only query for blocked or forwarded would be neat, as often I only need to see the blocked from a given IP, but I need to go thru all the forwarded as well, and there is many as you know

Wolf · September 14, 2018, 9:38pm

forwarded:

sed -n '/forwarded/p' /var/log/pihole.log

blocked:

sed -n '/0.0.0.0/p;/ ::$/p' /var/log/pihole.log

Mcat12 · September 15, 2018, 10:11pm

You can query the database located at /etc/pihole/pihole-FTL.db

schworak · December 9, 2019, 1:43pm

Old post but still useful so here is another way to query the log file.

grep -ohE 'block[^\.]+[^ ]+' /var/log/pihole.log | sort | uniq -c | sort -n

grep -ohE 'forward[^\.]+[^ ]+' /var/log/pihole.log | sort | uniq -c | sort -n

jfb · December 9, 2019, 2:36pm

When a domain is blocked, the word "block" is not used in the log. This query will only return entries with the word block in them, which does not correlate to blocked domains:

grep -ohE 'block[^\.]+[^ ]+' /var/log/pihole.log | sort | uniq -c | sort -n
     72 block-debug.x.dropbox.com

schworak · December 9, 2019, 2:58pm

OH MAN! So is there noting in the log that relates to them being blocked or do we have to go to the DB file for that? At least it works for forward.

jfb · December 9, 2019, 3:11pm

With the default NULL blocking mode, all blocked entries return the IP 0.0.0.0. On the same line, Pi-Hole will indicate which list drove the blocking (i.e. gravity, blacklist, regex).

grep 0.0.0.0 /var/log/pihole.log
Dec  9 00:00:46 dnsmasq[733]: /etc/pihole/gravity.list browser.pipe.aria.microsoft.com is 0.0.0.0
Dec  9 00:02:09 dnsmasq[733]: /etc/pihole/regex.list www.tripadvisor.ru is 0.0.0.0
Dec  9 00:02:19 dnsmasq[733]: /etc/pihole/black.list mobile.pipe.aria.microsoft.com is 0.0.0.0
Dec  9 00:02:19 dnsmasq[733]: /etc/pihole/black.list mobile.pipe.aria.microsoft.com is 0.0.0.0
Dec  9 00:02:29 dnsmasq[733]: /etc/pihole/regex.list www.amazon.cn is 0.0.0.0
Dec  9 00:03:17 dnsmasq[733]: /etc/pihole/gravity.list browser.pipe.aria.microsoft.com is 0.0.0.0

schworak · December 11, 2019, 1:11pm

AWESOME! The idea of using grep was right, just the filter for blocked items was wrong. Thanks a ton! The idea was working so well for forwarded and others. I am really enjoying Pi-Hole! Just manually finding those accidentally blocked items was bugging me. Happy now!

yubiuser · June 1, 2020, 8:33pm

Filter on "Status" for Web Interface is in development.

yubiuser · July 16, 2020, 8:36am

Advanced filtering has been implemented in v5.1
https://pi-hole.net/2020/07/15/pi-hole-5-1-released/