I want to track failed or aborted connections to my DB instance for security purposes. How do I track failed attempts to connect to an Amazon Relational Database Service (Amazon RDS) instance running MySQL?

Failed or aborted connections to DB instances running MySQL are logged in error.log. By default, the log_warnings parameter in the custom parameter group associated with the DB instance is enabled to track failed attempts to connect to a DB instance running MySQL. If the value is greater than one, the server logs the aborted connections and the access-denied errors when new connections are attempted.

If a user attempts to log in to your DB instance with the wrong credentials, the failed attempts are captured to error.log in a form similar to the following:

2016-08-23 15:03:37 1183 [Warning] Access denied for user 'tester'@'124.41.31.5' (using password: NO)

Note: For DB instances running MySQL 5.7.2 and later, use log_error_verbosity instead of log_warnings.

It's a best practice to enable general_log for short-term troubleshooting, and to disable it again after you finish troubleshooting. When enabled, general_log records every executed query, resulting in significant overhead on production DB instances with heavy workloads.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2017-01-05

Updated: 2018-08-16