Fail2ban and mysql

Discussion in 'Server Operation' started by pititis, Jan 27, 2011.

  1. pititis

    pititis Member

    Hello,

    Why fail2ban don't support mysql? I have found a patch to make it work but I think that mysql logging can be a performance killer. I have test to logging and in minutes I get a very heavy log (logging with "General query log" level ). There is any way to log only connections in mysql?

    Cheers!
     
  2. tgs

    tgs New Member

    Fail2ban does not work well with mysql.log because MySQL does not log the client IP address of the failed login attempt.

    The part after the '@' in the "Access denied for user 'name'@'host.doma.in'" message is the result of a reverse DNS lookup on the client IP address, which may or may not resolve back to the original IP address. If it doesn't, fail2ban will fail, or worse, ban the wrong address.
     
  3. elayo

    elayo New Member

    For me is working perfectly with this configuration:
    [mysqld-auth]
    enabled = true
    filter = mysqld-auth
    port = 3306
    logpath = /var/log/mysql/error.log
     
  4. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    that depends on how you configured mysql - if you have
    skip-resolve
    then mysql doesn't resolve the ip, however you need to add ispconfig login with @127.0.0.1 in some cases since it won't resolve anymore ;)
     

Share This Page