Greetings,
I have Pi-hole running in a docker on Synology Diskstation as a host.
And I have Splunk docker as well running fine.
Everything is working as expected.
I wonder where I can find the following file/path to create/edit though per the Splunk plugin:
Pi-hole app for Splunk
https://splunkbase.splunk.com/app/4116/
Create an input for the log file. The following is an example you could add to inputs.conf if you are using the default paths.
Be sure to set the sourcetype to pihole:log
[monitor:///var/log/]
whitelist = pihole\.lo.+
disabled = false
sourcetype = pihole:log
On my synology pihole docker here:
root@Synology:~# sudo docker exec -it pihole /bin/bash
root@pihole:/# ls
bash_functions.sh bin boot dev etc home lib lib64 libexec media mnt opt proc root run s6-init sbin srv start.sh sys tmp usr var
root@pihole:/# cd var
root@pihole:/var# cd log
root@pihole:/var/log# ls -1
alternatives.log
apt
btmp
dpkg.log
faillog
lastlog
lighttpd
pihole
pihole-FTL.log
pihole.log
pihole.log.1
wtmp
Please advise.
Thanks
It looks like the file exists already: /var/log/pihole.log. But you'll need to allow the file to be accessed outside of the pihole container.
Hey Dan, Thanks for the quick response.
I have the following setup; as you can see, two folders are already exposed outside the docker.
Can you tell me please what volumes I can add to get that directory exposed outside the pihole docker image?
Thanks
You are right, it worked and added the log files now in the folder outside the docker.
However, it says in the application details of Splunk, that I have to create a config file and add the info below:
- Create an input for the log file
[monitor:///var/log/]
whitelist = pihole\.lo.+
disabled = false
sourcetype = pihole:log
I am going to create the file now and test it.
That would be something the application author would be able to guide you on.
https://answers.splunk.com/app/questions/4116.html
I will check that for sure with the developer of the app.
I have tried to point an external folder for the /var/log folder but I got into an issue where it's not installing all the files as before.
root@Synology:~# sudo docker exec -it Pi-hole /bin/bash
root@Pi-hole:/# ls
bash_functions.sh bin boot dev etc home lib lib64 libexec media mnt opt proc root run s6-init sbin srv start.sh sys tmp usr var
root@Pi-hole:/# cd var
root@Pi-hole:/var# cd log
root@Pi-hole:/var/log# ls
pihole pihole-FTL.log pihole.log
root@Pi-hole:/var/log#
As you can see, now it just created a few files and folders, but not all of them as it was by default.
And the logs show the following:
date stream content
2020-05-28 04:49:03 stdout lighttpd: no process found
2020-05-28 04:49:03 stdout Stopping lighttpd
2020-05-28 04:49:03 stdout 2020-05-28 04:49:03: (log.c.171) opening errorlog '/var/log/lighttpd/error.log' failed: No such file or directory
2020-05-28 04:49:03 stdout cron: no process found
2020-05-28 04:49:02 stdout Stopping cron
2020-05-28 04:49:02 stdout Starting lighttpd
2020-05-28 04:49:02 stdout /var/spool/cron: mkdir: No such file or directory
2020-05-28 04:49:02 stdout /var/spool/cron: No such file or directory
2020-05-28 04:49:02 stdout Starting crond
2020-05-28 04:49:02 stdout lighttpd: no process found
2020-05-28 04:49:02 stdout Stopping lighttpd
2020-05-28 04:49:02 stdout 2020-05-28 04:49:02: (log.c.171) opening errorlog '/var/log/lighttpd/error.log' failed: No such file or directory
2020-05-28 04:49:02 stdout cron: no process found
2020-05-28 04:49:01 stdout Starting lighttpd
2020-05-28 04:49:01 stdout Stopping cron
2020-05-28 04:49:01 stdout /var/spool/cron: mkdir: No such file or directory
2020-05-28 04:49:01 stdout /var/spool/cron: No such file or directory
2020-05-28 04:49:01 stdout Starting crond
2020-05-28 04:49:01 stdout lighttpd: no process found
2020-05-28 04:49:01 stdout Stopping lighttpd
Before creating the external directory on the Synology, it was able to create/install all the files needed, as you could see from the SSH screenshot when I created this post.
root@Synology:~# sudo docker exec -it pihole /bin/bash
root@pihole:/# ls
bash_functions.sh bin boot dev etc home lib lib64 libexec media mnt opt proc root run s6-init sbin srv start.sh sys tmp usr var
root@pihole:/# cd var
root@pihole:/var# ls
backups cache lib local lock log mail opt run spool tmp www
root@pihole:/var# cd log
root@pihole:/var/log# ls
alternatives.log apt btmp dpkg.log faillog lastlog lighttpd pihole pihole-FTL.log pihole.log pihole.log.1 wtmp
Any idea why it's not able to install those files/directories as it's able to do so inside the docker container?
Thanks
Update:
I managed to map the log file in the Docker host (Synology) instead of mapping the entire directory and that did the trick.
Here are some screenshots that would help if anyone wants to keep the log file outside the docker container.
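The single-file mapping described in the update, as an added shell example that is not part of the original thread. Binding an empty host directory over /var/log hides the directories the image ships there (consistent with the lighttpd error.log failure in the log above), so only pihole.log is bound. The function names and the host path /volume1/docker/pihole/log are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names and host paths are assumptions.

# prepare_log_bind HOST_DIR
# Make sure HOST_DIR/pihole.log exists as a regular file, then print the
# -v argument that binds only that file into the Pi-hole container.
prepare_log_bind() {
    host_dir=$1
    host_file="$host_dir/pihole.log"
    mkdir -p "$host_dir" || return 1
    # With -v, Docker creates a missing host path as a directory, which
    # would put a directory where the container expects a log file.
    if [ -d "$host_file" ]; then
        echo "error: $host_file is a directory; remove it first" >&2
        return 1
    fi
    [ -e "$host_file" ] || : > "$host_file" || return 1
    printf '%s:/var/log/pihole.log\n' "$host_file"
}

# monitored_files DIR
# List the files in DIR that the whitelist from the app's inputs.conf
# stanza (pihole\.lo.+) selects, so the input can be checked before
# Splunk is pointed at the directory.
monitored_files() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s\n' "$f" | grep -Eq 'pihole\.lo.+' && basename "$f"
    done
    return 0
}

# Usage (left as comments so sourcing this file has no side effects):
#   bind=$(prepare_log_bind /volume1/docker/pihole/log) || exit 1
#   docker run -d --name pihole -v "$bind" pihole/pihole
#   monitored_files /volume1/docker/pihole/log
```

The whitelist picks up pihole.log and rotated copies such as pihole.log.1, but not pihole-FTL.log.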