How do I log failed attempts to log in to my Amazon RDS instance running MySQL?
Last updated: 2019-12-12
Failed or aborted connections to DB instances running MySQL are logged in error.log. By default, the log_warnings DB parameter in the custom DB parameter group associated with the DB instance is enabled to track failed attempts to connect to a DB instance that is running MySQL. If the value is greater than one, the server logs the aborted connections and the access-denied errors when new connections are attempted.
If a user attempts to log in to your DB instance with the wrong credentials, the failed attempts are captured to error.log in a form similar to the following:
2016-08-23 15:03:37 1183 [Warning] Access denied for user 'tester'@'22.214.171.124' (using password: NO)
Note: For DB instances running MySQL 5.7.2 and later, use log_error_verbosity instead of log_warnings. For more information, see the MySQL documentation for log_error_verbosity.
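The following is an added example, not part of the original article or AWS tooling: a Python parser for the "Access denied" entry format shown above that counts failed logins per client host and lists the accounts each host tried. The sample lines, the threshold of 3, the function names, and the ISO-8601 timestamp variant for MySQL 5.7 and later are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches the error.log entry format shown above. The ISO-8601 timestamp
# variant (MySQL 5.7 and later) is an assumption, not taken from the page.
ACCESS_DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}(?:\.\d+)?Z?)\s+"
    r"(?P<thread>\d+)\s+\[(?P<level>\w+)\]\s+"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'\s+"
    r"\(using password: (?P<password>YES|NO)\)"
)

# Constructed sample lines (documentation-range addresses), not real log data.
SAMPLE_LOG = """\
2016-08-23 15:03:37 1183 [Warning] Access denied for user 'tester'@'192.0.2.10' (using password: NO)
2016-08-23 15:03:39 1184 [Warning] Access denied for user 'admin'@'198.51.100.7' (using password: YES)
2016-08-23 15:03:40 1185 [Warning] Access denied for user 'root'@'198.51.100.7' (using password: YES)
2016-08-23 15:03:41 1186 [Warning] Access denied for user 'admin'@'198.51.100.7' (using password: YES)
2016-08-23 15:04:02 1187 [Warning] Aborted connection 1187 to db: 'app' user: 'svc' host: '192.0.2.10' (Got an error reading communication packets)
2016-08-23T15:04:10.123456Z 1188 [Note] Access denied for user 'tester'@'192.0.2.10' (using password: YES)
"""

def parse_failed_logins(log_text):
    """Return one dict per 'Access denied' entry; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        match = ACCESS_DENIED.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events

def hosts_over_threshold(events, threshold):
    """Map each client host with at least `threshold` failures to its count."""
    counts = Counter(event["host"] for event in events)
    return {host: n for host, n in counts.items() if n >= threshold}

def users_tried_by_host(events):
    """Map each client host to the set of account names it attempted."""
    tried = {}
    for event in events:
        tried.setdefault(event["host"], set()).add(event["user"])
    return tried

if __name__ == "__main__":
    failures = parse_failed_logins(SAMPLE_LOG)
    for host, count in sorted(hosts_over_threshold(failures, 3).items()):
        users = sorted(users_tried_by_host(failures)[host])
        print(f"{host}: {count} failed logins, accounts tried: {users}")
```

A single host failing against several different account names, as 198.51.100.7 does in the sample, is a stronger signal than repeated failures for one account, which often come from a misconfigured application.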
It's a best practice to enable general_log for short-term troubleshooting, and to disable it again after you finish troubleshooting. When enabled, general_log records every executed query, resulting in significant overhead on production DB instances with heavy workloads.