We had a strange behaviour on one of our mariadb-servers:
Everyday at around midnight we saw that the root-account on one of our servers is trying to access the database.
# journalctl -u mariadb
Dec 16 00:00:03 cool-server mariadbd[788]: 2022-12-16 0:00:03 34996 [Warning] Access denied for user 'root'@'localhost' (using password: NO)
Dec 17 00:00:02 cool-server mariadbd[788]: 2022-12-17 0:00:02 89012 [Warning] Access denied for user 'root'@'localhost' (using password: NO)
Dec 18 00:00:02 cool-server mariadbd[788]: 2022-12-18 0:00:02 143027 [Warning] Access denied for user 'root'@'localhost' (using password: NO)
Dec 19 00:00:02 cool-server mariadbd[788]: 2022-12-19 0:00:02 197043 [Warning] Access denied for user 'root'@'localhost' (using password: NO)
At first we wondered why this happens and looked at every crontab and haven't seen something that tries to authenticate at midnight on the server. But after we looked into the syslog for this host we noticed that the authentication happened right after a logrotation.
# less /var/log/syslog
Dec 19 00:00:01 cool-server systemd[1]: Starting Rotate log files...
Dec 19 00:00:02 cool-server mariadbd[788]: 2022-12-19 0:00:02 197043 [Warning] Access denied for user 'root'@'localhost' (using password: NO)
Right after that we had a look into the logrotation-configuration and saw that the mysqladmin-command is used to check if the server is running in order to rotate the log:
# vim /etc/logrotate.d/mysql-server
/var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log /var/log/mysql/mariadb-slow.log /var/log/mysql/error.log {
daily
rotate 7
missingok
create 640 mysql adm
compress
sharedscripts
postrotate
test -x /usr/bin/mysqladmin || exit 0
# check if server is running
if mysqladmin ping > /dev/null 2>&1; then
mysqladmin --defaults-file=/etc/mysql/debian.cnf --local flush-error-log \
flush-engine-log flush-general-log flush-slow-log
fi
endscript
}
From the
documentation of the parameter
Show archive.org snapshot
ping
of the mysqladmin-command we can see that the command tries to access the database and if that command succeeds (even if access is denied) the log will be rotated.
We experienced this error on our ubuntu 20.04-servers with version 10.6.11 of mariadb-server from the official Galera-/MariaDB-Mirror.