mysql error on log access denied

leonep

• November 24, 2022 14:48

Hello, i have a lot of notice entries in mysqld.log. i tried changing the password from whm as well but it keeps flooding my log where can i look for responsible for this? ............luckily everything is ok and running on the server ! 2022-11-24T20:35:53.233369Z 671 [Note] Access denied for user 'root'@'localhost' (using password: NO) 2022-11-24T20:36:07.996364Z 686 [Note] Access denied for user 'root'@'localhost' (using password: YES) 2022-11-24T20:36:07.996491Z 687 [Note] Access denied for user 'root'@'localhost' (using password: NO) 2022-11-24T20:36:08.233812Z 688 [Note] Access denied for user 'root'@'localhost' (using password: YES) 2022-11-24T20:36:08.233971Z 689 [Note] Access denied for user 'root'@'localhost' (using password: NO) 2022-11-24T20:36:23.234368Z 695 [Note] Access denied for user 'root'@'localhost' (using password: YES) 2022-11-24T20:36:23.234471Z 696 [Note] Access denied for user 'root'@'localhost' (using password: NO) 2022-11-24T20:36:38.234840Z 706 [Note] Access denied for user 'root'@'localhost' (using password: YES) 2022-11-24T20:36:38.234998Z 707 [Note] Access denied for user 'root'@'localhost' (using password: NO) 2022-11-24T20:36:53.235314Z 724 [Note] Access denied for user 'root'@'localhost' (using password: YES) 2022-11-24T20:36:53.235465Z 725 [Note] Access denied for user 'root'@'localhost' (using password: NO) ................... ................... mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 977 Server version: 5.7.39-cll-lve MySQL Community Server - (GPL) Copyright (c) 2000, 2022, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> status -------------- mysql Ver 14.14 Distrib 5.7.39, for Linux (x86_64) using EditLine wrapper Connection id: 977 Current database: Current user: root@localhost SSL: Not in use Current pager: stdout Using outfile: '' Using delimiter: ; Server version: 5.7.39-cll-lve MySQL Community Server - (GPL) Protocol version: 10 Connection: Localhost via UNIX socket Server characterset: utf8mb4 Db characterset: utf8mb4 Client characterset: utf8mb4 Conn. characterset: utf8mb4 UNIX socket: /var/lib/mysql/mysql.sock Uptime: 17 min 51 sec Threads: 1 Questions: 90375 Slow queries: 0 Opens: 2396 Flush tables: 1 Open tables: 1936 Queries per second avg: 84.383 --------------

• 

  ServerHealers

  • November 25, 2022 05:57

  It is possible something else configured in your server having wrong password and it keep trying to authenticate. We had a situation in the past on a customer server, where the MySQL monitor script they had for Nagios causing this after a MySQL root password reset as they forgot to update the new password in the script. It could be something similar, and correcting it would stop it. Alternatively, it could be a website hosted on your server with root user and a wrong password in its config file (This is not a recommended approach I know, however, I've seen some people doing this when they follow some online articles). If this is the case, I'd suggest creating a new MySQL user and assign it to the site's database and put that new user details in the config file instead of root user.

  0
• 

  leonep

  • November 25, 2022 06:25

  great, thanks for the help. but how did you understand and identify that it was that specific script for nagios ?

  0
• 

  ServerHealers

  • November 25, 2022 08:31

  As a first step, we confirmed with the customer whether they used any monitor inhouse or by a previous management company and proceed further once they confirmed that they used Nagios for monitoring the server. It was easy for us when we get that information, and saved a lot of time.:) If you have similar setup, I'd suggest looking at /etc/nrpe.d/ directory for any Nagios configs where we usually configure checks or could be /etc/check_mk/mysql.cfg if CheckMk in use. If these are not, then it would be time consuming in troubleshooting where exactly these logins are configured incorrectly.

  0

Please sign in to leave a comment.