cPanel logs most activity that happens on a server to log files so you can go back and review log entries for problems, instead of having to be on the server at the time of them happening.

This guide will cover the locations of the log files for things such as access logs, Apache web server logs, email logs, error logs, ftp logs, MySQL logs, and WHM logs.

If you'd like to have a poster of the 2013 cPanel logs location reference, you can request them from cPanel directly.

You can also view a digitial copy of this poster directly online at go.cPanel.net/logposter.

cPanel logs

Access logs and user actions /usr/local/cpanel/logs/access_log
Account transfers and misc. logs /var/cpanel/logs
Auditing log (account creations, deletions, etc) /var/cpanel/accounting.log
Backup logs /usr/local/cpanel/logs/cpbackup
Brute force protection (cphulkd) log /usr/local/cpanel/logs/cphulkd.log
Cpanel dnsadmin dns clustering daemon /usr/local/cpanel/logs/dnsadmin_log
Cpanel taskqueue processing daemon /usr/local/cpanel/logs/queueprocd.log
DBmapping /usr/local/cpanel/logs/setupdbmap_log
EasyApache build logs /usr/local/cpanel/logs/easy/apache/
Error log /usr/local/cpanel/logs/error_log
Installation log /var/log/cpanel
License updates and errors /usr/local/cpanel/logs/license_log
Locale database modifications /usr/local/cpanel/logs/build_locale_database_log
Login errors (CPSRVD) /usr/local/cpanel/logs/login_log
Horde /var/cpanel/horde/log/
RoundCube /var/cpanel/roundcube/log/
SquirrelMail /var/cpanel/squirrelmail/
Panic log /usr/local/cpanel/logs/panic_log
Per account bandwidth history (Cached) /var/cpanel/bandwidth.cache/{USERNAME}
Per account bandwidth history (Human Readable) /var/cpanel/bandwidth/{USERNAME}
Service status logs /var/log/chkservd.log
Tailwatch driver tailwatchd log /usr/local/cpanel/logs/tailwatch_log
Update analysis reporting /usr/local/cpanel/logs/updated_analysis/{TIMESTAMP}.log
Update (UPCP) log /var/cpanel/updatelogs/updated.{TIMESTAMP}.log
WebDisk (CPDAVD) /usr/local/cpanel/logs/cpdavd_error_log
Website statistics log /usr/local/cpanel/logs/stats_log

cPanel access log

Access logs and user actions /usr/local/cpanel/logs/access_log

cPanel apache log

Apache restarts done through cPanel and WHM /usr/local/cpanel/logs/safeapcherestart_log
Domain access logs /usr/local/apache/domlogs/{DOMAIN}
Processing of log splitting /usr/local/cpanel/logs/splitlogs_log
suPHP audit log /usr/local/apache/logs/suphp_log
Web server and CGI application error log /usr/local/apache/logs/error_log

cPanel email log

Delivery and receipt log /var/log/exim_mainlog
Incoming mail queue /var/spool/exim/input/
Log of messages rejected based on ACLS or other policies /var/log/exim_rejectlog
Unexpected/Fatal error log /var/log/exim_paniclog
IMAP, POP login attempts, transactions, fatal errors and spam scoring /var/log/maillog /var/log/messages
Mailman /usr/local/cpanel/3rdparty/mailmain/logs

MySQL log

MySQL error log /var/lib/mysql/{SERVER_NAME}.err
MySQL slow query log (if enabled in my.cnf) /var/log/slowqueries

You should now know where to begin looking if you suspect problems on your cPanel server.

Support Center Login


Social Media Login

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-05-17 9:33 am

Really helpful information given.. Thank You for update.

n/a Points
2014-07-07 8:42 am

Very  helpfull and correct informations.

n/a Points
2014-08-03 3:25 am
Very good reference
n/a Points
2014-12-20 7:17 pm

Is there any way to access these log by WHM? not shell?

Because root isn't allowed to access shell.

Staff
11,156 Points
2014-12-22 9:33 am
Could you clarify which of these logs you need to access? Some of the information may be found via WHM when logged in as root, but not all.
n/a Points
2014-12-22 10:05 am

I think to need Access logs and user actions

To see the log of accessing files and if a website hacked or something like that

Staff
14,452 Points
2014-12-22 10:24 am
Hello Maro,

Thank you for contacting us. You can get to the Raw Access Logs from cPanel.

We also have an article titled I think my website has been hacked that explains how to tell, and what to do if you are hacked.

If you have any further questions, feel free to post them below.

Thank you,
John-Paul
2015-01-24 11:31 pm
Not sure what happened here, but managed hosting just migrated my wordpress site and database and setup the best VPS hosting plan you have and now a few days later I received 2 email notifications about it and I have no idea what to do about them! Any help would be appreciated.

Here is the first message:

An error was detected which prevented updatenow from completing normally.
Please review the enclosed log for further details

----------------------------------------------------------------------------------------------------

[20150124.181602] Detected version '11.46.2.3' from version file.
[20150124.181602] Running version '11.46.2.3' of updatenow.
[20150124.181602] Using mirror '74.200.212.130' for host 'httpupdate.cpanel.net'.
[20150124.181821] ***** FATAL: Unable to retrieve tier version info: Interrupted system call
[20150124.181821] The Administrator will be notified to review this output when this script completes
[20150124.181821] E Detected events which require user notification during updatenow. Will send iContact the log

Here is the second message:
cPanel not being able to update. Running `/usr/local/cpanel/scripts/updatenow --upcp --log=/var/cpanel/updatelogs/update.1422141361.log` failed, exited with code 255 (signal = 0)


Thank you!
Kenny
Staff
25,006 Points
2015-01-26 11:57 am
Hello Kenny,

As this was something done by the Managed Hosting team, you will likely want to reach out to them to see if they can help. If you do not have any time left with them, you may also want to reach out to our Live Support team for specific configuration and what may be causing the issue.

Kindest Regards,
Scott M
n/a Points
2015-02-05 7:29 pm

I see that the access logs under mail has 356 MB space. Is it a good idea to remove the old logs and it is better to leave it. If need to reduce it, how to do. Thanks.

Staff
11,156 Points
2015-02-06 3:00 pm
What you keep and remove is completely up to you. With a log that size, it's a good idea to remove it if you do not need any information from it.
n/a Points
2015-02-09 6:13 am

Its great. Most useful information about linux logs. I could not get any where. It seems that now I can see logs info easily. Its not any hurdle and could not stuck for anything about logs. Many thanks :)

n/a Points
2015-02-09 6:15 am
Its very helpful article. I am newer to the linux and dont know the exact log locations. It seems that I could not look any other article for the logs. Thanks.
n/a Points
2015-03-02 1:25 am

The logs above are all just for the last 24 hours right ? If so is there any way to increase them. I just checked the apache logs for one of my server and it only managed to view last 24hrs

Staff
22,613 Points
2015-03-02 10:14 am
Hello Harmeshver Singh,

Thanks for the question. The log files are automatically archived in order to keep them from getting to large. You would need to submit a verified support ticket to request a copy of older logs on the server.

Apologies that I can't provide a direct answer in this case. However, if you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2015-03-17 3:05 am
Thanks for this article

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

17 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!