Wildcard auditing

Hi there,

I love the new audit list, huge kudos for this feature!
Would it be possible that the auditlog checks the whitelist for a domain and if there is a match not showing this in the audit log?

Example, this is what spotify does in the auditlog (many times a day), and i have spotify.com on the whitelist:

b6xohuf3jlrtlkzc7nbid7tmwwlu2o5av7xdlywwakmtwy33.qcutryyfdzcpeyupoj6dlz5cmce6lfjspa3f3as6he5izjxe.sduz4hxdjj5xkfeh5gjdylrxbuvpoymuzjz7uypwgruhy7wc.brnw3sqfvofdd3ekmlg4ztmuk6v7xz6zk2qkifcw3jdyo5jt.bytipv7isdskuyck.er.spotify.com

The same goes for a playstation with their datahound.com:

ip72-5-161-251.datahound.com

This will save a huge amount of time each day pressing the audit button.

Although you have spotify.com on the whitelist, that doesn’t mean you shouldn’t see any of the subdomains (we don’t yet support wildcard whitelisting). And even if it was wildcard whitelisted, it makes sense that users would still want to see the domains just in case there’s a suspicious domain hiding around under the wildcard. We may add it as an optional feature in the future though, depending on how many users want it.

Fair enough. Is wildcard auditing then something to be considered as an option?

Perhaps. @DL6ER might want to comment on that.

I think we will add support for wildcard auditing. I coded this already here:

See the comments therein. For now, I’m not sure if we should add this as an official feature as in have a button for this on the dashboard. However, you will be able to manually put in a line like

*.spotify.com

into the file /etc/pihole/auditlog.list to achieve exactly what you are looking for.

1 Like

And it is not xmas yet :grinning:
This would be awesome!

7 posts were split to a new topic: Wildcard auditing in v5.0