Running out of space very quickly

Despite following instructions elsewhere when I have gotten a " Disk shortage (/etc/pihole/pihole-FTL.db) ahead: 91% used" and " Disk shortage (/var/log/pihole/FTL.log) ahead: 91% used" it seems these files take up space faster and faster.

I cleared them yesterday and now they are full. I don't think anything has changed.
I did try and search for solutions but other than manually clearing the log, I really didn't understand the solutions offered.

Aren't these logs supposed to self-reset? How would the get so big.

I have pi-hole running on Ubuntu 22 on a cheap Intel system on a chip from China. Ubuntu and Pi-hole are up to date.

I don't believe anything has changed other than updates.

I tried attaching the diagnostic output but it says the post is too long.

Any help appreciated.

Run the command below. It will check your setup, check your databases, then create a debug log and automatically post it to the private secure debug server for the devs to look at. It will give you a debug token URL which you can post here – just the URL, not the whole log – and that will let them locate it.

pihole -d -c -a

[✓] Your debug token is: https://tricorder.pi-hole.net/6JX9UL8N/

Yes and no.

The query database at /etc/pihole/pihole-FTL.db grows until it contains the number of days specified by the parameter MAXDBDAYS (which was 365 days).

The logs in /var/log/pihole are rotated nightly and no more than six days are retained, and oldest logs are compressed.

Let's see what is consuming space for Pi-hole logs and databases. Please post the output of the following commands run from the Pi terminal:

ls -lha /etc/pihole

ls -lha /var/log/pihole

zenaadmin@zena-pi-hole:~$ ls -lha /etc/pihole
total 690M
drwxrwxr-x   3 pihole pihole   12K Nov 20 12:16 .
drwxr-xr-x 138 root   root     12K Nov 18 08:05 ..
-rw-r--r--   1 root   root      65 Aug 20 11:13 adlists.list
-rw-r--r--   1 root   root    1.8K Nov 15 12:59 custom.list
-rw-r--r--   1 pihole pihole     0 Jul 11 11:29 dhcp.leases
-rw-r--r--   1 root   root     651 Nov 18 08:05 dns-servers.conf
-rw-rw-r--   1 pihole pihole  498M Nov 20 04:40 gravity.db
-rw-r--r--   1 root   root    1.1K Nov 18 08:05 install.log
-rw-r--r--   1 root   root    370K Nov 20 04:38 list.10.v.firebog.net.domains
-rw-r--r--   1 root   root      84 Nov 20 04:38 list.10.v.firebog.net.domains.sha1
-rw-r--r--   1 root   root     60K Nov 18 08:05 list.11.pgl.yoyo.org.domains
-rw-r--r--   1 root   root      83 Nov 18 08:05 list.11.pgl.yoyo.org.domains.sha1
-rw-r--r--   1 root   root     204 Nov 20 04:38 list.12.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:05 list.12.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    312K Nov 20 04:38 list.13.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.13.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    341K Nov 20 04:38 list.14.v.firebog.net.domains
-rw-r--r--   1 root   root      84 Nov 20 04:38 list.14.v.firebog.net.domains.sha1
-rw-r--r--   1 root   root     60K Nov 18 08:06 list.15.v.firebog.net.domains
-rw-r--r--   1 root   root      84 Nov 18 08:06 list.15.v.firebog.net.domains.sha1
-rw-r--r--   1 root   root     49K Nov 20 04:38 list.16.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.16.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    9.2K Nov 20 04:38 list.17.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.17.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    190K Nov 20 04:38 list.19.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.19.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    4.2M Nov 20 04:38 list.1.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      95 Nov 18 08:05 list.1.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root     44K Nov 18 08:06 list.21.s3.amazonaws.com.domains
-rw-r--r--   1 root   root      87 Nov 18 08:06 list.21.s3.amazonaws.com.domains.sha1
-rw-r--r--   1 root   root    1.5M Nov 18 08:06 list.22.v.firebog.net.domains
-rw-r--r--   1 root   root      84 Nov 18 08:06 list.22.v.firebog.net.domains.sha1
-rw-r--r--   1 root   root     40K Nov 20 04:38 list.23.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.23.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root     43K Nov 18 08:06 list.24.bitbucket.org.domains
-rw-r--r--   1 root   root      84 Nov 18 08:06 list.24.bitbucket.org.domains.sha1
-rw-r--r--   1 root   root    4.3M Nov 20 04:38 list.25.phishing.army.domains
-rw-r--r--   1 root   root      84 Nov 20 04:38 list.25.phishing.army.domains.sha1
-rw-r--r--   1 root   root    8.8K Nov 20 04:38 list.26.gitlab.com.domains
-rw-r--r--   1 root   root      81 Nov 20 04:38 list.26.gitlab.com.domains.sha1
-rw-r--r--   1 root   root    144K Nov 20 04:38 list.27.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.27.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root     18K Nov 20 04:38 list.28.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.28.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    102K Nov 20 04:38 list.29.urlhaus.abuse.ch.domains
-rw-r--r--   1 root   root      87 Nov 20 04:38 list.29.urlhaus.abuse.ch.domains.sha1
-rw-r--r--   1 root   root    1.9M Nov 20 04:38 list.2.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      95 Nov 20 04:38 list.2.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root     67K Nov 18 08:06 list.30.zerodot1.gitlab.io.domains
-rw-r--r--   1 root   root      89 Nov 18 08:06 list.30.zerodot1.gitlab.io.domains.sha1
-rw-r--r--   1 root   root    540K Nov 20 04:38 list.31.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.31.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    1.2K Nov 20 04:38 list.3.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      95 Nov 18 08:05 list.3.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root     11M Nov 20 04:38 list.40.www.github.developerdan.com.domains
-rw-r--r--   1 root   root      98 Nov 20 04:38 list.40.www.github.developerdan.com.domains.sha1
-rw-r--r--   1 root   root   1007K Nov 20 04:38 list.41.www.github.developerdan.com.domains
-rw-r--r--   1 root   root      98 Nov 20 04:38 list.41.www.github.developerdan.com.domains.sha1
-rw-r--r--   1 root   root    639K Nov 20 04:38 list.42.www.github.developerdan.com.domains
-rw-r--r--   1 root   root      98 Nov 18 08:06 list.42.www.github.developerdan.com.domains.sha1
-rw-r--r--   1 root   root    511K Nov 20 04:38 list.43.www.github.developerdan.com.domains
-rw-r--r--   1 root   root      98 Nov 20 04:38 list.43.www.github.developerdan.com.domains.sha1
-rw-r--r--   1 root   root     40K Nov 20 04:38 list.44.www.github.developerdan.com.domains
-rw-r--r--   1 root   root      98 Nov 18 08:06 list.44.www.github.developerdan.com.domains.sha1
-rw-r--r--   1 root   root    4.4M Nov 20 04:38 list.45.www.github.developerdan.com.domains
-rw-r--r--   1 root   root      98 Nov 20 04:38 list.45.www.github.developerdan.com.domains.sha1
-rw-r--r--   1 root   root     25M Nov 20 04:38 list.46.dbl.oisd.nl.domains
-rw-r--r--   1 root   root      82 Nov 20 04:38 list.46.dbl.oisd.nl.domains.sha1
-rw-r--r--   1 root   root     98K Nov 20 04:38 list.47.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.47.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    126K Nov 20 04:38 list.48.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.48.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    2.3K Nov 20 04:38 list.49.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.49.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    6.9K Nov 18 08:05 list.4.v.firebog.net.domains
-rw-r--r--   1 root   root      83 Nov 18 08:05 list.4.v.firebog.net.domains.sha1
-rw-r--r--   1 root   root    8.4K Nov 20 04:38 list.50.quidsup.net.domains
-rw-r--r--   1 root   root      82 Nov 18 08:06 list.50.quidsup.net.domains.sha1
-rw-r--r--   1 root   root    8.8K Nov 20 04:38 list.51.quidsup.net.domains
-rw-r--r--   1 root   root      82 Nov 18 08:06 list.51.quidsup.net.domains.sha1
-rw-r--r--   1 root   root    228K Nov 20 04:38 list.52.quidsup.net.domains
-rw-r--r--   1 root   root      82 Nov 20 04:38 list.52.quidsup.net.domains.sha1
-rw-r--r--   1 root   root     34K Nov 20 04:38 list.53.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.53.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    209K Nov 18 08:06 list.54.someonewhocares.org.domains
-rw-r--r--   1 root   root      90 Nov 18 08:06 list.54.someonewhocares.org.domains.sha1
-rw-r--r--   1 root   root    110K Nov 20 04:38 list.55.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.55.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    180K Nov 18 08:06 list.56.winhelp2002.mvps.org.domains
-rw-r--r--   1 root   root      91 Nov 18 08:06 list.56.winhelp2002.mvps.org.domains.sha1
-rw-r--r--   1 root   root     43K Nov 18 08:06 list.57.v.firebog.net.domains
-rw-r--r--   1 root   root      84 Nov 18 08:06 list.57.v.firebog.net.domains.sha1
-rw-r--r--   1 root   root    1.7M Nov 20 04:38 list.58.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 20 04:38 list.58.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    9.4K Nov 18 08:06 list.59.paulgb.github.io.domains
-rw-r--r--   1 root   root      87 Nov 18 08:06 list.59.paulgb.github.io.domains.sha1
-rw-r--r--   1 root   root    154K Nov 18 08:05 list.5.adaway.org.domains
-rw-r--r--   1 root   root      80 Nov 18 08:05 list.5.adaway.org.domains.sha1
-rw-r--r--   1 root   root     31K Nov 20 04:38 list.60.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.60.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    1.6K Nov 20 04:38 list.62.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.62.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    5.7K Nov 20 04:38 list.63.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.63.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root     407 Nov 20 04:38 list.64.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.64.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    228K Nov 20 04:38 list.65.gitlab.com.domains
-rw-r--r--   1 root   root      81 Nov 20 04:38 list.65.gitlab.com.domains.sha1
-rw-r--r--   1 root   root    1.3M Nov 18 08:06 list.66.v.firebog.net.domains
-rw-r--r--   1 root   root      84 Nov 18 08:06 list.66.v.firebog.net.domains.sha1
-rw-r--r--   1 root   root    202K Nov 20 04:38 list.68.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      96 Nov 18 08:06 list.68.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root    117M Nov 18 08:06 list.69.v.firebog.net.domains
-rw-r--r--   1 root   root      84 Nov 18 08:07 list.69.v.firebog.net.domains.sha1
-rw-r--r--   1 root   root    786K Nov 20 04:38 list.6.v.firebog.net.domains
-rw-r--r--   1 root   root      83 Nov 20 04:38 list.6.v.firebog.net.domains.sha1
-rw-r--r--   1 root   root     18K Nov 18 08:05 list.7.v.firebog.net.domains
-rw-r--r--   1 root   root      83 Nov 18 08:05 list.7.v.firebog.net.domains.sha1
-rw-r--r--   1 root   root    1.3M Nov 20 04:39 list.85.local.domains
-rw-r--r--   1 root   root      76 Nov 18 08:07 list.85.local.domains.sha1
-rw-r--r--   1 root   root    991K Nov 20 04:38 list.8.raw.githubusercontent.com.domains
-rw-r--r--   1 root   root      95 Nov 18 08:05 list.8.raw.githubusercontent.com.domains.sha1
-rw-r--r--   1 root   root     43K Nov 18 08:05 list.9.s3.amazonaws.com.domains
-rw-r--r--   1 root   root      86 Nov 18 08:05 list.9.s3.amazonaws.com.domains.sha1
-rw-r--r--   1 root   root      65 Nov 20 04:39 local.list
-rw-r--r--   1 root   root     245 Jul 11 11:29 logrotate
-rw-r--r--   1 pihole pihole  2.9M Nov 18 08:05 macvendor.db
drwxr-xr-x   2 root   root    4.0K Jul 11 11:29 migration_backup
-rw-rw-r--   1 pihole root     157 Nov 19 07:39 pihole-FTL.conf
-rw-rw-r--   1 pihole pihole  8.9M Nov 20 12:16 pihole-FTL.db
-rw-rw-r--   1 pihole pihole  152K Nov 19 07:34 pihole-FTL.db.old
-rw-r--r--   1 root   root     528 Nov 18 19:50 setupVars.conf
-rw-r--r--   1 root   root     528 Sep 16 18:25 setupVars.conf.update.bak
-rw-r--r--   1 root   root     323 Nov 19 12:57 versions
zenaadmin@zena-pi-hole:~$

zenaadmin@zena-pi-hole:~$ ls -lha /var/log/pihole
total 89M
drwxr-xr-x  2 pihole pihole 4.0K Nov 20 00:00 .
drwxrwxr-x 16 root   syslog 4.0K Nov 20 00:00 ..
-rw-r--r--  1 pihole pihole 3.7K Nov 20 12:14 FTL.log
-rw-r--r--  1 pihole pihole  36K Nov 20 00:00 FTL.log.1
-rw-r--r--  1 pihole pihole 4.4K Nov 19 00:00 FTL.log.2.gz
-rw-r--r--  1 pihole pihole  644 Nov 18 00:00 FTL.log.3.gz
-rw-r-----  1 root   pihole  79K Nov 20 06:59 pihole_debug.log
-rw-r-----  1 pihole pihole  25M Nov 20 12:18 pihole.log
-rw-r-----  1 pihole pihole  50M Nov 20 00:00 pihole.log.1
-rw-r-----  1 pihole pihole 3.7M Nov 19 00:00 pihole.log.2.gz
-rw-r-----  1 pihole pihole 3.5M Nov 18 00:00 pihole.log.3.gz
-rw-r-----  1 pihole pihole 3.5M Nov 17 00:00 pihole.log.4.gz
-rw-r-----  1 pihole pihole 3.5M Nov 16 00:00 pihole.log.5.gz
-rw-r--r--  1 root   root    13K Nov 20 04:40 pihole_updateGravity.log
zenaadmin@zena-pi-hole:~$

I did see that in another post. I looked at mine and there was no entry for Max Days so I added it to 90.

#; Pi-hole FTL config file
#; Comments should start with #; to avoid issues with PHP and bash reading this file
RATE_LIMIT=1000/60
PRIVACYLEVEL=0
MAXDAYS=90

I do still have the old file as well.

Pi-hole files are not taking too much space.
Your debug log shows your root partition has 3.6GB free from a total of 29GB.

   /dev/mmcblk1p5   29G   23G  3.6G  87% /

There must be something else filling your disk.

That should be MAXDBDAYS, as jfb has mentioned.

Note that MAXDBDAYS as well as log rotation do address growth by limiting the retention period. They don't impose any restrictions on absolute sizes or growth rate.

The latter is likely what is causing your issue, as your debug log seems to suggest:

*** [ DIAGNOSING ]: Pi-hole diagnosis messages
  count  last timestamp       type             message
  -----  -------------------  ---------------  ------------------------------------------------------------
  1      2022-11-19 17:00:02  DNSMASQ_WARN     Maximum number of concurrent DNS queries reached (max: 150)
  1      2022-11-19 17:00:02  RATE_LIMIT       192.168.1.110

Any client excessively sending resolution requests would cause Pi-hole to grow its log and long term database files accordingly, and your debug log shows that happened for your client at 192.168.1.110.

Sometimes, blocking a domain will cause a misbehaving client to go crazy about it. You could try to find out what that client is trying so desperately to resolve.
The following statement may help with that:

pihole-FTL sqlite3 "/etc/pihole/pihole-FTL.db" "SELECT domain, count(domain), reply_type FROM queries WHERE timestamp > strftime('%s','2022-11-19')AND client='192.168.1.110' GROUP BY domain ORDER BY count(domain) DESC LIMIT 10;"

Often, excessive requests may be caused by DNS loops (where an upstream would feed back its queries to Pi-hole), but your debug log contains no immediate hints that you would have configured such a loop.

On the contrary (and unrelated to your issue) - your DHCP server is distributing two public DNS servers besides Pi-hole, allowing clients to by-pass your Pi-hole completely at their discretion:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   
   * Received 313 bytes from eno1:192.168.1.1
     Offered IP address: 192.168.1.125
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 192.168.1.125
      dns-server: 208.67.220.220
      dns-server: 208.67.222.222
      router: 192.168.1.1
      --- end of options ---

Pi-hole has to be the sole DNS server for your network.

Run this command to see the 20 largest directories. One (or a few) of these is where your space is being consumed.

sudo du -h / | sort -n -r | head -20

I have seen this, and it is a "known" issue. Specifically, it's one of my Synology NAS and it has a BT client running. This "error" seems to occur every day at 9a and 5p every day. I have no idea why it picks those time or why it hammers on the DNS server. Since I haven't noticed a drop in performance, I would just delete the message and move on. Do you think that is a factor? Note that the Pi-Hole is running on different hardware and not on the NAS.

That is OpenDNS, which was what I was using before the Pi-Hole. I left it in as a "back up" if I was to do something, like updating or resetting. The internet would not be completely out during that process. Sounds like I shouldn't do that. Since this is in my home, I'm not too concerned about something or someone bypassing the Pi-Hole.

I found a tool in Ubuntu that estimates folder sizes. Any insight at what I am looking at and if the offending files "can go" is appreciated.

size1.PNG1920×1012 231 KB

size2.PNG1920×1012 154 KB

Also note that this is only used for Pi-Hole, so other than the operating system itself, and RustDesk used to connect remotely to the desktop, there shouldn't be anything else making space.

Output from terminal command.

size3.PNG1920×1013 114 KB

Fixed...

So, I found out that Snapd was causing the issue with some package and log files. I managed to delete them but now I can't add software. Oh, well. I wasn't planning on adding anything anyway.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.