As i understand the log file that is flushed and turned off is /var/log/pihole.log. So then where do the logs in the "Query Log" web page come from? Is there any other place where the queries are logged other than dnsmasq? Are they different logs all together?
I'm confused about the logs in pi-hole, can somebody share some light on the files and what they actually log?
Is there also a pihole-FTL.log file? If so what is it's relation to the sqlite pihole-FTL.db database? If i would like to send the query logs to a remote rsyslog server, which logs should i send? FTL or dnsmasq? Are they the same?
So i did the dnsmasq changes in /etc/dnsmasq.d/01-pihole.conf and sent the query logs to /var/log/syslog and then to a remote syslog server based on a $programname == 'dnsmasq' filter rather than /var/log/pihole.log. Yet i can still see query logs in the “Query Log” web page. Are they coming from pihole-FTL.db? How is this database still populated and by what program? Does the FTL daemon know that i changed the destination of the dnsmasq logs? Does it tap into dnsmasq somehow and gets a copy of the query logs? Or does it generate its entries despite and independent of dnsmasq?