How do I setup monitoring of MySQL with Fail2ban?
Searching the internet with search engines on MySQL and fail2ban yields lots of results on putting your fail2ban logs into MySQL, however I'm wanting to monitor failed MySQL attempts to log in and ban those IP's.
My application requires that I keep a port for MySQL open, though I have changed the default port for added security. For extra security though, I would like to monitor the MySQL logs with fail2ban.
Does anyone have a quick guide to configuring fail2ban for MySQL? I have it already installed and working on a couple of other services, so you can skip the installation part and jump right to configuring the config file or whatever else is necessary.
According to this guy ( http://forums.mysql.com/read.php?30,205612,205612 ) What you are trying to do is not possible.
Also: «the use of mysql.log is described as a performance killer and I heard that it should be obsoleted in next Mysql versions. »
I was looking for the same thing. It is suggested that you block the 3306 port on your firewall. If it's not an option, then, good luck.
You could enable mysql logging:
[mysqld]
log = /var/log/mysql/access.log
log_error = /var/log/mysql/error.log
log_warnings = 2
so that communication errors would show up in the log and then monitor that file with fail2ban.
http://dev.mysql.com/doc/refman/5.1/en/communication-errors.html