Hello, Why fail2ban don't support mysql? I have found a patch to make it work but I think that mysql logging can be a performance killer. I have test to logging and in minutes I get a very heavy log (logging with "General query log" level ). There is any way to log only connections in mysql? Cheers!
Fail2ban does not work well with mysql.log because MySQL does not log the client IP address of the failed login attempt. The part after the '@' in the "Access denied for user 'name'@'host.doma.in'" message is the result of a reverse DNS lookup on the client IP address, which may or may not resolve back to the original IP address. If it doesn't, fail2ban will fail, or worse, ban the wrong address.
For me is working perfectly with this configuration: [mysqld-auth] enabled = true filter = mysqld-auth port = 3306 logpath = /var/log/mysql/error.log
that depends on how you configured mysql - if you have skip-resolve then mysql doesn't resolve the ip, however you need to add ispconfig login with @127.0.0.1 in some cases since it won't resolve anymore
