Overview
In this comprehensive guide, we’ll walk you through the process of finding and managing cPanel and WHM Log Files. These files are used for monitoring your hosting environment, diagnosing issues, and ensuring the smooth operation of your website hosted with Smarthost.
SmartHost logs most activity that happens on a server to log files so we can go back and review log entries. This guide will cover the locations of the SmartHost.ie log files for things such as access logs, Apache web server logs, email logs, error logs, FTP logs, MySQL logs, and WHM logs.
Here are some specific examples of how the logs can be used:
- Tracking user activity: The access log can be used to track which users are accessing the system and what actions they are taking. This information can be used to identify users who are creating an unusual number of accounts, making frequent changes to their settings, or accessing sensitive areas of cPanel.
- Troubleshooting issues: If you are experiencing problems with cPanel, such as slow performance or errors, the access log can help you identify the root cause of the problem. By analysing the log entries around the time of the issue, you can pinpoint the specific requests that were causing problems.
- Identifying security threats: The access log can be used to identify potential security threats, such as unauthorised login attempts, brute-force attacks, or attempts to exploit vulnerabilities in cPanel. By monitoring the log for unusual patterns or suspicious activity, you can take steps to protect your server from unauthorised access and other security breaches.
Email Logs
Email logs are used for tracking and troubleshooting email-related issues on your cPanel server. They provide valuable information about email deliveries, bounces, spam attempts, and other important events.
| Log File | Description | Location |
|---|---|---|
| Delivery and receipt log | Records all emails delivered and received by Exim, including the sender, recipient, and message contents. | /var/log/exim_mainlog |
| Incoming mail queue | Stores incoming emails that are waiting to be processed by Exim. | /var/spool/exim/input/ |
| Log of messages rejected based on ACLS or other policies | Tracks emails that are rejected by Exim due to access control lists (ACLs) or other policies. | /var/log/exim_rejectlog |
| Unexpected/Fatal error log | Logs unexpected or fatal errors encountered by Exim during email processing. | /var/log/exim_paniclog |
| IMAP, POP login attempts, transactions, fatal errors and spam scoring | Tracks IMAP and POP login attempts, transactions, fatal errors, and spam scoring information. | /var/log/maillog and /var/log/messages |
| Mailman | Records Mailman-related events, such as mailing list activity and administrative actions. | /usr/local/cpanel/3rdparty/mailman/logs |
cPanel and WHM Log Files
This table provides a comprehensive overview of the various log files generated by cPanel and WHM, along with their descriptions, locations, and availability to different user groups. These logs are essential for troubleshooting server-related issues, tracking server activity, and maintaining server security.
| Log File | Description | Location |
|---|---|---|
| Access logs and user actions | Records all HTTP requests to cPanel, including the IP address, time of the request, and the requested URL. | /usr/local/cpanel/logs/access_log |
| Account transfers and misc. logs | Tracks account transfers, software installations, and other miscellaneous events. | /var/cpanel/logs |
| Auditing log (account creations, deletions, etc) | Logs all cPanel administrative actions, such as user creations, deletions, and modifications. | /var/cpanel/accounting.log |
| Backup logs | Stores information about backups created and restored using cPanel’s backup tool. | /usr/local/cpanel/logs/cpbackup |
| Brute force protection (cphulkd) log | Logs attempts to brute-force cPanel logins. | /usr/local/cpanel/logs/cphulkd.log |
| Cpanel dnsadmin dns clustering daemon | Tracks DNS clustering activities. | /usr/local/cpanel/logs/dnsadmin_log |
| Cpanel taskqueue processing daemon | Logs tasks processed by the cPanel taskqueue system. | /usr/local/cpanel/logs/queueprocd.log |
| DBmapping | Records database mappings for easyApache builds. | /usr/local/cpanel/logs/setupdbmap_log |
| EasyApache build logs | Logs EasyApache build processes. | /usr/local/cpanel/logs/easy/apache/ |
| Error log | Logs all cPanel errors, including errors related to access, configuration, and software. | /usr/local/cpanel/logs/error_log |
| Installation log | Tracks cPanel installation and update events. | /var/log/cpanel |
| License updates and errors | Records license updates and errors. | /usr/local/cpanel/logs/license_log |
| Locale database modifications | Logs changes made to the cPanel locale database. | /usr/local/cpanel/logs/build_locale_database_log |
| Login errors (CPSRVD) | Records login errors related to cPanel’s CPSRVD daemon. | /usr/local/cpanel/logs/login_log |
| Horde | Tracks Horde webmail activity. | /var/cpanel/horde/log/ |
| RoundCube | Tracks Roundcube webmail activity. | /var/cpanel/roundcube/log/ |
| SquirrelMail | Tracks SquirrelMail webmail activity. | /var/cpanel/squirrelmail/ |
| Panic log | Logs panic events in cPanel, such as unexpected crashes or errors. | /usr/local/cpanel/logs/panic_log |
| Per account bandwidth history (Cached) | Stores cached bandwidth usage data for each account. | /var/cpanel/bandwidth.cache/{USERNAME} |
| Per account bandwidth history (Human Readable) | Stores human-readable bandwidth usage data for each account. | /var/cpanel/bandwidth/{USERNAME} |
| Service status logs | Tracks the status of cPanel services, such as Apache, MySQL, and PHP. | /var/log/chkservd.log |
| Tailwatch driver tailwatchd log | Logs events related to the Tailwatch driver. | /usr/local/cpanel/logs/tailwatch_log |
| Update analysis reporting | Logs update analysis reports generated by cPanel. | /usr/local/cpanel/logs/updated_analysis/{TIMESTAMP}.log |
| Update (UPCP) log | Logs cPanel update events, including updates and failures. | /var/cpanel/updatelogs/updated.{TIMESTAMP}.log |
| WebDisk (CPDAVD) | Logs events related to WebDisk, including file uploads and downloads. | /usr/local/cpanel/logs/cpdavd_error_log |
| Website statistics log | Tracks website statistics, such as page views, visitors, and errors. | /usr/local/cpanel/logs/stats_log |
cPanel Access Log
The cPanel access log is a file that records all HTTP requests made to cPanel, providing valuable insights into user activity, troubleshooting issues, and identifying security threats.
| Log File | Description | Location | Availability |
|---|---|---|---|
| Access log | Records all HTTP requests to cPanel, including the IP address, time of the request, and the requested URL. | /usr/local/cpanel/logs/access_log | Available for all users, including shared hosting customers. |
cPanel Apache Log
The cPanel Apache logs provide a comprehensive overview of Apache-related activities, including restarts, domain access, log splitting, suPHP audit events, and web server and CGI application errors. These logs are essential for monitoring server performance, troubleshooting issues, and ensuring website security.
| Log File | Description | Location |
|---|---|---|
| Apache restarts done through cPanel and WHM | Records Apache restarts initiated through cPanel or WHM. | /usr/local/cpanel/logs/safeapcherestart_log |
| Domain access logs | Tracks access to Apache web servers for specific domains. | /usr/local/apache/domlogs/{DOMAIN} |
| Processing of log splitting | Logs events related to the processing of log splitting tasks. | /usr/local/cpanel/logs/splitlogs_log |
| suPHP audit log | Records events related to suPHP, a PHP execution environment that provides enhanced security. | /usr/local/apache/logs/suphp_log |
| Web server and CGI application error log | Logs errors generated by the web server and CGI applications. | /usr/local/apache/logs/error_log |
Summary
cPanel and cPanel WHM generate a wealth of log files, each serving a specific purpose in monitoring server activity, troubleshooting issues, and enhancing security. These logs provide invaluable insights into user behaviour, identify potential performance bottlenecks, and detect suspicious activity that could indicate unauthorised access or other security vulnerabilities. By understanding the location, purpose, and format of these logs, you can effectively utilise them to maintain a healthy and secure web hosting environment.
FAQ about cPanel and WHM Log Files
cPanel logs are text files generated by cPanel and cPanel WHM that record various server activities, user interactions, and performance metrics. These logs are essential for monitoring server health, troubleshooting issues, and enhancing security.
There are numerous types of cPanel logs, each serving a specific purpose. Some of the most common log files include:
– Access log: Records all HTTP requests made to cPanel, including the IP address, time of the request, and the requested URL.
– Apache logs: Track Apache-related activities, such as restarts, domain access, log splitting, suPHP audit events, and web server errors.
– Error logs: Log errors generated by cPanel, Apache, MySQL, and other components.
– Mail logs: Track email activity, including IMAP, POP login attempts, transactions, and fatal errors.
The location of cPanel logs varies depending on the type of log and the hosting environment. Some logs are directly accessible through cPanel or WHM interface, while others may require direct access to the server’s file system.
Understanding the format and structure of cPanel logs is crucial for extracting meaningful information. Each log type has its own specific format and syntax, and consulting documentation or online resources can provide valuable guidance.
Effectively utilising cPanel logs can offer several benefits, including:
– Tracking user activity: Identify unusual or suspicious user behaviour.
– Troubleshooting cPanel issues: Pinpoint the root cause of performance problems or errors.
– Identifying security threats: Detect unauthorised access attempts, brute-force attacks, or vulnerabilities.
– Enhancing server performance: Monitor resource usage, identify bottlenecks, and optimise server configurations.
By regularly reviewing and analysing cPanel logs, you can proactively address potential issues, maintain a secure environment, and ensure optimal server performance for your website.
