Bug #76612 would like ability to throttle firewall ACCESS DENIED messages in error log
Submitted: 7 Apr 2015 19:57
Modified: 5 May 2015 15:24
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: Security: Firewall
Severity: S4 (Feature request)
Version: 5.6.24
OS: Any
Assigned to:
CPU Architecture: Any

[7 Apr 2015 19:57] Shane Bester
I don't see a way to prevent this message from spamming the logs:

2015-04-07 21:40:08 20584 [Note] Plugin MYSQL_FIREWALL reported: 'ACCESS DENIED for shane@%Reason: No match in whitelist. Statement: ALTER TABLE t0000 REMOVE PARTITIONING '

How to repeat:
Run a few million queries whose digests are not in the whitelist; the error log grows too fast.

Suggested fix:
Log throttling is always needed to avoid DoS due to out of disk space or mis-configured whitelist.

[5 May 2015 15:24] Paul Dubois
Noted in 5.6.25 changelog.

Some MySQL Enterprise Firewall diagnostic messages were written
outside the control of the log_error_verbosity system variable.
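
The throttling asked for in this report, as an added example (not MySQL's code and not from either participant): a filter over error-log lines that keeps the first `burst` firewall denials per account in each `window` seconds and replaces the rest with one summary line. The `[throttle]` summary format, the parameter names and the sample lines are assumptions constructed for the illustration.

```python
import re
from datetime import datetime

# Format of the firewall note quoted in the report (account and reason are fused there).
DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \d+ \[Note\] Plugin MYSQL_FIREWALL "
    r"reported: 'ACCESS DENIED for (?P<account>\S+?)\s*Reason: .*?\. "
    r"Statement: .*'$"
)


def throttle(lines, burst=2, window=60):
    """Keep at most `burst` denials per account per `window` seconds and add
    one summary line per account and window for the ones dropped."""
    out, state = [], {}  # state: account -> [window_start, denials_seen]

    def flush(account):
        start, seen = state.pop(account)
        if seen > burst:
            out.append(f"{start:%Y-%m-%d %H:%M:%S} [throttle] {seen - burst} more "
                       f"ACCESS DENIED messages for {account} suppressed")

    for line in lines:
        m = DENIED.match(line.strip())
        if m is None:            # not a firewall denial: always passes through
            out.append(line)
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        account = m["account"]
        if account in state and (ts - state[account][0]).total_seconds() >= window:
            flush(account)       # window over: report what was dropped
        entry = state.setdefault(account, [ts, 0])
        entry[1] += 1
        if entry[1] <= burst:
            out.append(line)
    for account in list(state):  # end of input: close the open windows
        flush(account)
    return out


def _denied(clock, n):  # constructed sample line in the report's format
    return (f"2015-04-07 {clock} 20584 [Note] Plugin MYSQL_FIREWALL reported: "
            f"'ACCESS DENIED for shane@%Reason: No match in whitelist. "
            f"Statement: ALTER TABLE t{n:04d} REMOVE PARTITIONING '")


SAMPLE = [_denied("21:40:08", 0), _denied("21:40:08", 1), _denied("21:40:09", 2),
          "2015-04-07 21:40:09 20584 [Warning] constructed unrelated line",
          _denied("21:40:10", 3), _denied("21:40:11", 4), _denied("21:42:30", 5)]

if __name__ == "__main__":
    print("\n".join(throttle(SAMPLE)))
```

Keeping the suppressed count per account preserves the signal that matters for triage (which account is hitting the whitelist, and how hard) while bounding log growth.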