I get these connections constantly in the logs. How can I trace what app is trying to connect?
root@localhost is allowed to connect and is working for some apps. I think there is some app without a changed password. How can I trace it?
190310 22:38:57 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:38:59 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:38:59 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:39:03 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
Best Answer
One way to do this might be by finding out what local processes have the MySQL socket file open. First, determine where your socket file is. Not sure where it is on Debian; try /tmp/mysql.sock or /var/lib/mysql/mysql.sock, or check my.cnf for the location.
Next, since the failing connection comes and goes, you will need to "freeze" it temporarily in order to catch it in the act. You can do it by stopping the mysqld process. For example, run pgrep -l mysqld to determine its process ID, then sudo kill -STOP <PID> (replace <PID> with the actual ID, obviously).
Now you can run sudo lsof | grep mysql.sock (or whatever your socket file happens to be) to see every process that has the file open.
To "un-freeze" mysqld, run sudo kill -CONT <mysqld PID>
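
The freeze, inspect and resume steps from the answer above, wrapped so that the paused server is resumed however the inspection ends (an added example, not part of the original answer). The function names, the time limit, and the reliance on Linux /proc and the coreutils timeout command are assumptions.

```shell
#!/bin/sh
# Added example (not the answerer's code): pause a process, run a snapshot
# command while it is paused, and always resume it afterwards.

# proc_state PID: print the one-letter state from /proc (T = stopped). Linux only.
proc_state() {
    # State is the field after "(comm)"; comm may contain spaces, so strip
    # everything up to the last ") " before taking the first word.
    sed -e 's/^.*) //' -e 's/ .*//' "/proc/$1/stat" 2>/dev/null
}

# with_frozen PID MAX_SECONDS CMD [ARGS...]
# The function body is a subshell, so the EXIT trap sends SIGCONT however CMD
# ends: success, failure, timeout, or an interrupt.
with_frozen() (
    pid=$1 max=$2
    shift 2
    kill -0 "$pid" 2>/dev/null || { echo "no such process: $pid" >&2; exit 2; }
    trap 'kill -CONT "$pid" 2>/dev/null' EXIT
    trap 'exit 130' INT TERM
    kill -STOP "$pid" || exit 2
    # SIGSTOP is delivered asynchronously: wait (up to ~5 s) until it has landed.
    n=0
    until [ "$(proc_state "$pid")" = T ] || [ "$n" -ge 50 ]; do
        n=$((n + 1)); sleep 0.1
    done
    # MAX_SECONDS bounds how long every client of the paused server is blocked.
    timeout "$max" "$@"
    exit $?
)

# Usage with the answer's commands (run as root; socket name is an assumption):
#   with_frozen "$(pgrep -o -x mysqld)" 10 sh -c 'lsof | grep mysql.sock'
```

While mysqld is stopped, every application that uses it blocks, so keep the time limit short.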