Deleting log files

Hello @panit,

Can you confirm that error_log is selected in WHM >> Apache Configuration >> Log Rotation? If so, it should be rotated when it reaches the value configured for Log Rotation Size Threshold under the Stats and Logs tab in WHM >> Tweak Settings.

Thank you.

 

Hello @panit,

MySQL documents how to maintain the error log file at:

MySQL :: MySQL 5.7 Reference Manual :: 5.4.2.6 Error Log File Flushing and Renaming

Going forward, you can setup log rotation for MySQL by customizing the /etc/logrotate.d/mysql file:

Code:

# The log file name and location can be set in
# /etc/my.cnf by setting the "log-error" option
# in [mysqld]  section as follows:
#
# [mysqld]
# log-error=/var/log/mysqld.log
#
# For the mysqladmin commands below to work, root account
# password is required. Use mysql_config_editor(1) to store
# authentication credentials in the encrypted login path file
# ~/.mylogin.cnf
#
# Example usage:
#
#  mysql_config_editor set --login-path=client --user=root --host=localhost --password
#
# When these actions has been done, un-comment the following to
# enable rotation of mysqld's log error.
#

#/var/log/mysqld.log {
#        create 640 mysql mysql
#        notifempty
#        daily
#        rotate 5
#        missingok
#        compress
#    postrotate
#       # just if mysqld is really running
#       if test -x /usr/bin/mysqladmin && \
#          /usr/bin/mysqladmin ping &>/dev/null
#       then
#          /usr/bin/mysqladmin flush-logs
#       fi
#    endscript
#}

Let me know if you have any additional questions.

Thank you.

 

Hello @panit,

That entry shouldn't relate to a firewall rule because a a firewall rule would prevent access to MySQL all together. Can you let us know the full line that's recorded in the MySQL error log as it pertains to "Access denied for user"?

Thank you.

 

Hello @panit,

Do you have the MySQL port (3306) restricted with firewall rules? If not, you may want to use a firewall management utility such as CSF to do so:

ConfigServer Security & Firewall (csf)

With the default CSF firewall rules, MySQL will still function for local connections, but you will need to whitelist IP addresses for users that connect to their databases from external servers.

Thank you.

 

Hello @panit,

When these users are making the remote connections to MySQL databases, are they first browsing to the Remote MySQL option in cPanel to grant remote access to their IP addresses? If so, you could develop a script that takes the IP address entered on this option and adds it to the CSF whitelist for port 3306. To do this, you'd create the custom script and configure it to run automatically via a hook every time a new IP address is authorized via the Remote MySQL option in cPanel:

Guide to Standardized Hooks - Developer Documentation - cPanel Documentation

The following location should be helpful if you are looking for a file to fetch the customer's IP address from in your custom bash script:

Code:

/var/cpanel/databases/grants_$username.yaml

Here's the specific UAPI call you'd hook into at the post stage:

Code:

Cpanel::UAPI::Mysql::add_host

Thank you.