phpmyadmin fail2ban failed login log
Solution 1:
- Edit
/etc/phpmyadmin/config.user.inc.php
file and add something similar to:
<?php
$cfg['AuthLog'] = '/tmp/phpmyadmin.log';
- Check it out:
tail -F /tmp/phpmyadmin.log
- Perform a bad login in your phpmyadmin. Expected output similar to:
Jan 19 09:20:00 phpmyadmin: user denied: sfsd (mysql-denied) from 10.163.1.128
If your phpmyadmin server is behind a reverse proxy and its private IP address is 10.163.1.128
you probably want to log the public IP address of the client, so step 1 should be:
<?php
$cfg['AuthLog'] = '/tmp/phpmyadmin.log';
$cfg['TrustedProxies'] = array('10.163.1.128' => 'HTTP_X_FORWARDED_FOR');
Please bear in mind that the user running your phpmyadmin (typically www-data
) should have write access to file and parent dir defined in $cfg['AuthLog']
variable name