Wildcard auditing

Arthur_B · December 21, 2017, 8:02pm

Hi there,

I love the new audit list, huge kudos for this feature!
Would it be possible that the auditlog checks the whitelist for a domain and if there is a match not showing this in the audit log?

Example, this is what spotify does in the auditlog (many times a day), and i have spotify.com on the whitelist:

b6xohuf3jlrtlkzc7nbid7tmwwlu2o5av7xdlywwakmtwy33.qcutryyfdzcpeyupoj6dlz5cmce6lfjspa3f3as6he5izjxe.sduz4hxdjj5xkfeh5gjdylrxbuvpoymuzjz7uypwgruhy7wc.brnw3sqfvofdd3ekmlg4ztmuk6v7xz6zk2qkifcw3jdyo5jt.bytipv7isdskuyck.er.spotify.com

The same goes for a playstation with their datahound.com:

ip72-5-161-251.datahound.com

This will save a huge amount of time each day pressing the audit button.

Mcat12 · December 23, 2017, 5:24pm

Although you have spotify.com on the whitelist, that doesn't mean you shouldn't see any of the subdomains (we don't yet support wildcard whitelisting). And even if it was wildcard whitelisted, it makes sense that users would still want to see the domains just in case there's a suspicious domain hiding around under the wildcard. We may add it as an optional feature in the future though, depending on how many users want it.

Arthur_B · December 23, 2017, 6:03pm

Fair enough. Is wildcard auditing then something to be considered as an option?

Mcat12 · December 23, 2017, 6:58pm

Perhaps. @DL6ER might want to comment on that.

DL6ER · December 23, 2017, 9:03pm

I think we will add support for wildcard auditing. I coded this already here:

github.com/pi-hole/FTL

Wildcard auditing

pi-hole:release/v2.13.1 ← pi-hole:tweak/wildcard_auditing

opened 09:01PM - 23 Dec 17 UTC

DL6ER

+30 -2

**By submitting this pull request, I confirm the following (please check boxes, …eg [X]) _Failure to fill the template will close your PR_:** ***Please submit all pull requests against the `development` branch. Failure to do so will delay or deny your request*** - [X] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md). - [X] I have checked that [another pull request](https://github.com/pi-hole/FTL/pulls) for this purpose does not exist. - [X] I have considered, and confirmed that this submission will be valuable to others. - [X] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [X] I give this submission freely, and claim no ownership to its content. **How familiar are you with the codebase?:** ## 10 --- Accept lines like `*.spot.com` as wildcard audits for domains. One note about this: - `*spot.com` will audit `spot.com`, `some.spot.com`, etc. but also `spotspot.com` or `totalldifferentspot.com` - `*.spot.com` will audit `some.spot.com`, etc. but neither `spot.com` nor `spotspot.com` nor `totalldifferentspot.com` _This template was created based on the work of [`udemy-dl`](https://github.com/nishad/udemy-dl/blob/master/LICENSE)._

See the comments therein. For now, I'm not sure if we should add this as an official feature as in have a button for this on the dashboard. However, you will be able to manually put in a line like

*.spotify.com

into the file /etc/pihole/auditlog.list to achieve exactly what you are looking for.

Arthur_B · December 23, 2017, 10:01pm

And it is not xmas yet
This would be awesome!

yubiuser · June 22, 2020, 8:16pm

7 posts were split to a new topic: Wildcard auditing in v5.0