Query Log -> Able to query blocked or forwarded only


as the title say, an option to only query for blocked or forwarded would be neat, as often I only need to see the blocked from a given IP, but I need to go thru all the forwarded as well, and there is many as you know :slight_smile:


sed -n '/forwarded/p' /var/log/pihole.log


sed -n '/;/ ::$/p' /var/log/pihole.log

You can query the database located at /etc/pihole/pihole-FTL.db

Old post but still useful so here is another way to query the log file.

grep -ohE 'block[^\.]+[^ ]+' /var/log/pihole.log | sort | uniq -c | sort -n

grep -ohE 'forward[^\.]+[^ ]+' /var/log/pihole.log | sort | uniq -c | sort -n

When a domain is blocked, the word "block" is not used in the log. This query will only return entries with the word block in them, which does not correlate to blocked domains:

grep -ohE 'block[^\.]+[^ ]+' /var/log/pihole.log | sort | uniq -c | sort -n
     72 block-debug.x.dropbox.com

OH MAN! So is there noting in the log that relates to them being blocked or do we have to go to the DB file for that? At least it works for forward.

With the default NULL blocking mode, all blocked entries return the IP On the same line, Pi-Hole will indicate which list drove the blocking (i.e. gravity, blacklist, regex).

grep /var/log/pihole.log
Dec  9 00:00:46 dnsmasq[733]: /etc/pihole/gravity.list browser.pipe.aria.microsoft.com is
Dec  9 00:02:09 dnsmasq[733]: /etc/pihole/regex.list www.tripadvisor.ru is
Dec  9 00:02:19 dnsmasq[733]: /etc/pihole/black.list mobile.pipe.aria.microsoft.com is
Dec  9 00:02:19 dnsmasq[733]: /etc/pihole/black.list mobile.pipe.aria.microsoft.com is
Dec  9 00:02:29 dnsmasq[733]: /etc/pihole/regex.list www.amazon.cn is
Dec  9 00:03:17 dnsmasq[733]: /etc/pihole/gravity.list browser.pipe.aria.microsoft.com is

AWESOME! The idea of using grep was right, just the filter for blocked items was wrong. Thanks a ton! The idea was working so well for forwarded and others. I am really enjoying Pi-Hole! Just manually finding those accidentally blocked items was bugging me. Happy now!

1 Like

Filter on "Status" for Web Interface is in development.

Advanced filtering has been implemented in v5.1