Query Log -> Able to query blocked or forwarded only

Hello,

as the title say, an option to only query for blocked or forwarded would be neat, as often I only need to see the blocked from a given IP, but I need to go thru all the forwarded as well, and there is many as you know :slight_smile:

forwarded:

sed -n ‘/forwarded/p’ /var/log/pihole.log

blocked:

sed -n ‘/0.0.0.0/p;/ ::$/p’ /var/log/pihole.log

You can query the database located at /etc/pihole/pihole-FTL.db

Old post but still useful so here is another way to query the log file.

grep -ohE 'block[^\.]+[^ ]+' /var/log/pihole.log | sort | uniq -c | sort -n

grep -ohE 'forward[^\.]+[^ ]+' /var/log/pihole.log | sort | uniq -c | sort -n

When a domain is blocked, the word “block” is not used in the log. This query will only return entries with the word block in them, which does not correlate to blocked domains:

grep -ohE 'block[^\.]+[^ ]+' /var/log/pihole.log | sort | uniq -c | sort -n
     72 block-debug.x.dropbox.com

OH MAN! So is there noting in the log that relates to them being blocked or do we have to go to the DB file for that? At least it works for forward.

With the default NULL blocking mode, all blocked entries return the IP 0.0.0.0. On the same line, Pi-Hole will indicate which list drove the blocking (i.e. gravity, blacklist, regex).

grep 0.0.0.0 /var/log/pihole.log
Dec  9 00:00:46 dnsmasq[733]: /etc/pihole/gravity.list browser.pipe.aria.microsoft.com is 0.0.0.0
Dec  9 00:02:09 dnsmasq[733]: /etc/pihole/regex.list www.tripadvisor.ru is 0.0.0.0
Dec  9 00:02:19 dnsmasq[733]: /etc/pihole/black.list mobile.pipe.aria.microsoft.com is 0.0.0.0
Dec  9 00:02:19 dnsmasq[733]: /etc/pihole/black.list mobile.pipe.aria.microsoft.com is 0.0.0.0
Dec  9 00:02:29 dnsmasq[733]: /etc/pihole/regex.list www.amazon.cn is 0.0.0.0
Dec  9 00:03:17 dnsmasq[733]: /etc/pihole/gravity.list browser.pipe.aria.microsoft.com is 0.0.0.0

AWESOME! The idea of using grep was right, just the filter for blocked items was wrong. Thanks a ton! The idea was working so well for forwarded and others. I am really enjoying Pi-Hole! Just manually finding those accidentally blocked items was bugging me. Happy now!

1 Like