Sending Syslog from pi-hole to Graylog on Mac OS X
This post should probably be about 10 words or less, but as I’ve learned over the years, it’s never easy. At the beginning of the year I set up Graylog and wrote about the ease of installation. I have aspirations of sending all my log sources to Graylog to provide better visibility into events happening on my home network. There are copious amounts of documentation on both pi-hole and the underlying technology it relies on, specifically dnsmasq.
Quick Test
Quickly scanning through the pi-hole docs, the dnsmasq man page, and some other posts, I decided to edit the file 01-pihole.conf and update the log-facility to local5.
$ sudo sed -i "s/log-facility=.*/log-facility=local5/" /etc/dnsmasq.d/01-pihole.conf
Restarting dnsmasq
$ pihole restartdns
You will start to see syslog messages in the syslog file. The next logical step is to send those messages to Graylog, but before we do that, let’s check the pi-hole UI and see if we broke anything. Looking at the Tail pihole-FTL.log tool, it looks like this change broke my live tail. Sigh.
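Since the in-place sed edit discards the previous log-facility value, here is an added example (not from the original post or from pi-hole) that makes the same change with a saved copy, a check that the change took effect, and a way back. The function names and the .bak suffix are assumptions, and the demo runs on a constructed temporary file, not the live configuration.

```shell
#!/bin/sh
# Added example: change dnsmasq's log-facility with a backup and a check.
# Function names and the .bak suffix are assumptions, not pi-hole tooling.

# Print the current log-facility value (empty if the key is absent).
get_log_facility() {
    sed -n 's/^log-facility=//p' "$1" | tail -n 1
}

# set_log_facility FILE VALUE
# Saves FILE.bak, then replaces the existing log-facility line or appends
# one if none exists (the plain sed one-liner silently does nothing then).
set_log_facility() {
    conf=$1 value=$2
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    if grep -q '^log-facility=' "$conf"; then
        sed "s|^log-facility=.*|log-facility=$value|" "$conf" > "$tmp"
    else
        { cat "$conf"; echo "log-facility=$value"; } > "$tmp"
    fi
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
    # Succeed only if the file now carries the requested value.
    [ "$(get_log_facility "$conf")" = "$value" ]
}

# Put the saved copy back, e.g. after the web UI's live tail stops working.
restore_log_facility() {
    [ -f "$1.bak" ] && cat "$1.bak" > "$1"
}

# Demo on a constructed file; the path inside it is a made-up sample value.
demo=$(mktemp)
printf 'log-queries\nlog-facility=/tmp/constructed.log\n' > "$demo"
echo "before: $(get_log_facility "$demo")"
set_log_facility "$demo" local5 && echo "after:  $(get_log_facility "$demo")"
restore_log_facility "$demo" && echo "restored: $(get_log_facility "$demo")"
rm -f "$demo" "$demo.bak"
```

On a real install the functions would be pointed at /etc/dnsmasq.d/01-pihole.conf with sudo, followed by pihole restartdns as above.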