Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

ELK Dashboard for Pihole Logs

Published: 2019-12-29
Last Updated: 2019-12-29 19:48:45 UTC
by Guy Bruneau (Version: 1)
4 comment(s)

In my last Pihole Diary, I shared a Pihole parser to collect its logs and stored them into Elastic. In this diary, I'm sharing a dashboard to visualize the Pihole DNS data. Here are some of the output from the dashboard.

Pihole Overall

Pihole Dashboard

Pihole Regex List Match

This is the output from the Blacklist for Regex and Wildcard blocking

Pihole Regex

Pihole Gravity List Match

This is the output from the Blocklists generated by Pi-hole Gravity

Pihole Gravity

The JSON dashboard file can be downloaded here.

[1] https://isc.sans.edu/diary/25582
[2] https://handlers.sans.edu/gbruneau/elk/pihole.conf
[3] https://handlers.sans.edu/gbruneau/elk/pihole_graphs.ndjson
[4] https://www.elastic.co/

-----------
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

4 comment(s)
Diary Archives