Open this old topic again: it seems that we have lost this feature in V5.0?
I see it has been addressed a few months ago (Restore audit wildcard-support by DL6ER · Pull Request #727 · pi-hole/FTL · GitHub) but it does not seem to work.
Can you provide more information on why it is not working for you? What have you tested? How did it fail?
Sure.
I have to confess that i have not used it for a while.
I added for example *.twitter.com to the auditlog.list.
Normally this would clear all the entries on screen in the audit log, like static.ads-twitter.com and syndication.twitter.com
In addition to this: even adding the exact url to this file does not some to work.
Also, pressing the Audit button in the GUI is not adding the domain to this file !?
Sorry for the delay. I've never used auditing but reading your posts carefully again I see what the problem is:
Since v5.0 the auditlog.list doesn't exist anymore. As (almost) all other lists, this has been incorporated into the gravity database (gravity.db
). Specifically into the table domain_audit
.
https://docs.pi-hole.net/database/gravity/#audit-table-domain_audit
If you want to add domains manually you have to perform this via sql.
sudo service pihole-FTL stop
sudo sqlite3 /etc/pihole/gravity.db "insert into domain_audit(id, domain, date_added) values (1, '*.twitter.com', strftime('%s', 'now'));"
sudo service pihole-FTL start
To view the the domains on the auditlog
sqlite3 /etc/pihole/gravity.db "select * from domain_audit"
For how to remove entries, see here
Also using the GUI button will result in adding entries into this table instead of the old auditlog.list
Thank you very much for this clear explanation, really appreciated and works like a charm!
Is this Feature Request still valid with versions 5 changes?
Moved partly to new topic as wildcard auditing is possible in v5.0. The topic here is more about how auditing works in v5.0
Just wondering why I need to stop and start the pihole-FTL service, as it all works without doing this.
More a security thing - if you have concurrent write attempts to the same database from two independent processes things could go wrong. FTL is quite robust and detects database locks and tries to write later again. It might be not necessary in your particular case for a protection measure if you don't execute "audit" from the web interface simultaneously.
Does pihole pickup manual added entries without a restart?
If not it might be enough to let it reload the lists
pihole restartdns reload-lists
OK. I was thinking if i hit the Audit button it would be weird if that also stopped and start the service.
Adding one line on the CLI works immediately, i see the domain disappear on the Audit log page.
Really nice option adding wildcard domains this way. Saved me 100 audit-button-clicks alone for microsoft.com
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.