Early warning system


#1

Can we get an early warning from Pi-Hole (like NAS devices send an e-mail) when we’re away from PC or not logged in to Pi-Hole admin page?

For example:

If Top Domains Hits>xxx

Pi-hole client 192.168.xx.xx [Client name] requested xxxx.com xx times from [date/time] to [date/time]

If Queries over last 24 hours > [your parameter]

Total queries over last 24 hours is higher than [your parameter].
Total DNS Queries : xxx
Blocked DNS Queries : xxx

If a new Client detected and it is not in Hosts file

192.168.xxx.xxx is detected on your network.

Are these feasible using pi-hole API, PHP code or some sh scripts? I searched for these things but couldn’t find a way to handle as a novice.


#2

I too like this idea and was thinking of suggesting the same suggestion. An email that alerted the admin to a high level of top talkers would be a great feature to pinpoint a client that may have an issue/malware.


#3

You could write a script and run it with cron.

The code in this thread (and additional info on how to send the mail) would do something like this:


or

check it out:

The same principle can be applied for a 24 hour period.

You’d have to script that though …

There is a way to access the API for a real-time output via python:

You could pipe that and go from there:

Here’s a sample code that I have implemented:

#!/usr/bin/env python3

import json
import urllib.request

try:
    # Fetch the summary statistics from the Pi-hole web API
    with urllib.request.urlopen('http://pi.hole/admin/api.php', timeout=10) as f:
        parsed_json = json.loads(f.read().decode('utf-8'))
    queries = parsed_json['dns_queries_today']
    adsblocked = parsed_json['ads_blocked_today']
    clients = parsed_json['unique_clients']
except (OSError, ValueError, KeyError, TypeError):
    # API unreachable, or the response is not the expected JSON object
    queries = '-'
    adsblocked = '-'
    clients = '-'

stats = 'DNS Queries: ' + str(queries) + ' - ' + 'Blocked ads: ' + str(adsblocked) + ' - ' + 'Devices: ' + str(clients) + ' '
print(stats)

You can create a script that does stuff based on those printed values.

I personally use push notifications to my devices with that info and it looks like this:

As for this, it can be scripted and I also thought about it, but my network does not accept guest devices unless I allow it and at that point, I decided not to pursue the implementation due to the amount of work needed to script this, versus actual benefit.
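
Added example, not part of any post in this thread: one way to turn the values read by the script above into the three alerts asked for in the first post. The per-client counts, the hosts text, the thresholds and all function names are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
# Added example: threshold checks for a cron job. All input below is constructed.

def known_ips(hosts_text):
    """Return the set of IPs in hosts-file formatted text, skipping comments."""
    ips = set()
    for line in hosts_text.splitlines():
        fields = line.split('#', 1)[0].split()
        if fields:
            ips.add(fields[0])
    return ips

def to_int(value):
    """Accept an int or a string with thousands separators (assumption)."""
    return int(str(value).replace(',', ''))

def check(summary, client_counts, hosts_text, max_total, max_per_client):
    """Return alert strings; an empty list means there is nothing to send."""
    alerts = []
    total = to_int(summary['dns_queries_today'])
    if total > max_total:
        blocked = to_int(summary['ads_blocked_today'])
        alerts.append(f'Total queries today is higher than {max_total}. '
                      f'Total DNS Queries: {total}, '
                      f'Blocked DNS Queries: {blocked}')
    known = known_ips(hosts_text)
    for ip, count in sorted(client_counts.items()):
        if to_int(count) > max_per_client:
            alerts.append(f'Pi-hole client {ip} made {count} queries')
        if ip not in known:
            alerts.append(f'{ip} is detected on your network.')
    return alerts

# Constructed sample data (documentation address range, not real clients)
SAMPLE_SUMMARY = {'dns_queries_today': '12,345', 'ads_blocked_today': 2100,
                  'unique_clients': 3}
SAMPLE_COUNTS = {'192.0.2.10': 9000, '192.0.2.11': 300, '192.0.2.99': 45}
SAMPLE_HOSTS = """\
127.0.0.1   localhost
192.0.2.10  nas      # storage
# 192.0.2.99 old-laptop (commented out, so not known)
192.0.2.11  desktop
"""

if __name__ == '__main__':
    for alert in check(SAMPLE_SUMMARY, SAMPLE_COUNTS, SAMPLE_HOSTS,
                       max_total=10000, max_per_client=5000):
        print(alert)  # hand each line to your mail or push notification tool
```

Run from cron, it stays silent until a threshold is crossed or an address missing from the hosts text shows up.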


#4

Average stats:


#5

I’d also recommend using the API of FTL for querying this data. Two reasons:

  • The data is already analyzed and available in milliseconds from FTL
  • With FTLDNS, the user can disable the log file altogether

#6

This, my friend, this is exactly what I was looking for! Thank you so much. I’ll begin playing with your code immediately.

Any other ideas or plug&play codes are welcome too.


#7

Here’s something I created a week ago to solve this:

Firstly, dnsmasq needs to be configured to call a script every time DHCP actions a request (and it of course needs to be your DHCP server):
echo "dhcp-script=/path/to/location/lease.sh" | sudo tee "/etc/dnsmasq.d/leasescript.conf"

Then, you can use something like this as your script:

#!/usr/bin/env bash
# Lease.sh: Provide notification when dnsmasq issues new lease
# by WaLLy3K 09APR18
type="${1:-}"; mac="${2:-}"; ip="${3:-}"; hostname="${4:-}"

# DHCP range is 10.0.0.20 to 10.0.0.30; assume any IP > 20 is not static
if [[ "$type" == "add" ]] && [[ "${ip##*.}" -ge 20 ]]; then
  # Your commands go here
  logger -st "DHCP @ $HOSTNAME" "Leased ${hostname:-a device} $ip ($mac)"
fi

Like @ramset, I use Pushover to send notifications to my device, and it is definitely a service I’m fond of!