Wildcard auditing in v5.0

Arthur_B · June 18, 2020, 5:55pm

Open this old topic again: it seems that we have lost this feature in V5.0?
I see it has been addressed a few months ago (Restore audit wildcard-support by DL6ER · Pull Request #727 · pi-hole/FTL · GitHub) but it does not seem to work.

yubiuser · June 18, 2020, 6:06pm

Can you provide more information on why it is not working for you? What have you tested? How did it fail?

Arthur_B · June 18, 2020, 6:09pm

Sure.
I have to confess that i have not used it for a while.
I added for example *.twitter.com to the auditlog.list.
Normally this would clear all the entries on screen in the audit log, like static.ads-twitter.com and syndication.twitter.com

Arthur_B · June 18, 2020, 6:35pm

In addition to this: even adding the exact url to this file does not some to work.
Also, pressing the Audit button in the GUI is not adding the domain to this file !?

yubiuser · June 22, 2020, 6:57pm

Sorry for the delay. I've never used auditing but reading your posts carefully again I see what the problem is:
Since v5.0 the auditlog.list doesn't exist anymore. As (almost) all other lists, this has been incorporated into the gravity database (gravity.db). Specifically into the table domain_audit.

https://docs.pi-hole.net/database/gravity/#audit-table-domain_audit

If you want to add domains manually you have to perform this via sql.

sudo service pihole-FTL stop

sudo sqlite3 /etc/pihole/gravity.db "insert into domain_audit(id, domain, date_added) values (1, '*.twitter.com', strftime('%s', 'now'));"

sudo service pihole-FTL start

To view the the domains on the auditlog

sqlite3 /etc/pihole/gravity.db "select * from domain_audit"

For how to remove entries, see here

Also using the GUI button will result in adding entries into this table instead of the old auditlog.list

Arthur_B · June 22, 2020, 7:15pm

Thank you very much for this clear explanation, really appreciated and works like a charm!

DanSchaper · June 22, 2020, 8:14pm

Is this Feature Request still valid with versions 5 changes?

yubiuser · June 22, 2020, 8:18pm

Moved partly to new topic as wildcard auditing is possible in v5.0. The topic here is more about how auditing works in v5.0

Arthur_B · June 22, 2020, 8:20pm

Just wondering why I need to stop and start the pihole-FTL service, as it all works without doing this.

yubiuser · June 22, 2020, 8:24pm

More a security thing - if you have concurrent write attempts to the same database from two independent processes things could go wrong. FTL is quite robust and detects database locks and tries to write later again. It might be not necessary in your particular case for a protection measure if you don't execute "audit" from the web interface simultaneously.

Does pihole pickup manual added entries without a restart?

If not it might be enough to let it reload the lists

pihole restartdns reload-lists

Arthur_B · June 22, 2020, 8:34pm

OK. I was thinking if i hit the Audit button it would be weird if that also stopped and start the service.
Adding one line on the CLI works immediately, i see the domain disappear on the Audit log page.

Really nice option adding wildcard domains this way. Saved me 100 audit-button-clicks alone for microsoft.com

system · July 13, 2020, 8:34pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.