I'd like to keep track of failed or aborted connections to my DB instance for security purposes. How do I do that?

Failed or aborted connections to DB instances running MySQL are logged in error.log. To track failed attempts to log in to a DB instance running MySQL, enable the log_warnings parameter in the custom parameter group associated with the DB instance.

If a user attempts to log in to your DB instance with the wrong credentials, the failed attempts are captured to error.log in a form similar to the following:

2016-08-23 15:03:37 1183 [Warning] Access denied for user 'tester'@'124.41.31.5' (using password: NO)

Note: For DB instances running MySQL 5.7.2 and later, use log_error_verbosity instead of log_warnings.

To log successful connections to the mysql.general_log table, enable the general_log parameter in a custom parameter group, and set the log_output parameter to TABLE.

Note: It's a best practice to enable general_log for short-term troubleshooting, and to disable it again after you finish troubleshooting. general_log records every executed query when enabled, resulting in significant overhead on production DB instances with heavy workloads.

RDS, MySQL, log_warning, access denied


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2017-01-05