Forum Discussion

pjcampbell_7243's avatar
Oct 21, 2009

Help logging mysql connections

We've got this weird connection attempt going to our mysqld which we now have going through the BIG-IP and I am having a hard time finding where the connection is coming from.

 

I have a simple iRule setup but there's just too many constant connections from too many different machines to narrow it down:

 

when SERVER_CONNECTED {

 

log local0. "Client IP: [IP::client_addr]"

 

}

 

Would the be a way to log anything like the username or anything more specific to narrow it down?

 

We have an iRule limiting IP addresses , but this connection is passing that.

 

 

Also any idea why the secondary BIGIP would be connecting every few seconds?

5 Replies

  • James_Quinby_46's avatar
    James_Quinby_46
    Historic F5 Account
    You might have better luck with a tcpdump on that virtual, letting it run for a bit and then dissecting the pcap with wireshark or some similar tool. The standby BigIP is probably connecting reguarly because it is also running a health monitor against your mysql.
  • Couldn't you also check the mysql server status tables or logs to see which client IP addresses are running and which queries they're executing? If you're using SNAT on LTM and having a hard time correlating the query back to the original client IP, you could temporarily log the original and SNAT IP and ports in an iRule.

     
     when SERVER_CONNECTED { 
        log local0. "[IP::client_addr]:[TCP::client_port] translated to [IP::local_addr]:[TCP::local_port]" 
     } 
     

    Aaron
  • I have the same problem. My question is if I add the HTTP profile (in order to allow for an iRule to log), will it cause problems? Obviously this is not HTTP traffic.

     

    • Vijay_E's avatar
      Vijay_E
      Icon for Cirrus rankCirrus
      Don't use HTTP profile for non-HTTP traffic. Everything will break for that kind of traffic.
    • pjcampbell_7243's avatar
      pjcampbell_7243
      Icon for Cirrus rankCirrus
      For some reason I was thinking you need an HTTP profile to do an iRule, but I guess that is not true as long as you aren't using HTTP_REQUEST, etc. I ended up sending these to a syslog with HSL. Pretty funny also that I'm responding to my own original question from 2009. didn't even realize that.