Enable raw access log archiving for all cPanel accounts
In this article I'll quickly show you how to enable raw access log archiving for all cPanel accounts on your VPS (Virtual Private Server) or dedicated server all at once. Raw access logs contain the request data directly from the Apache web service that all of your website have been fulfulling.
Without raw access logs, the only data you have to go off of for website requests is provided by one of the web statistics programs on the server, either Awstats, Logaholic, or Webalizer into compiled reports. Unfortunately those reports don't show a lot of helpful information that can help you track down problematic requests that could be causing problems on your server.
I wrote a previous article about enabling raw access log archiving in cPanel that walks you through how you can enable archiving of your raw access logs by logging into cPanel for just one account. We also have another article on accessing the raw access logs in cPanel showing how to retreive the raw access logs by downloading them to your local machine.
In this article I'm going to walk you through an easy way to enable raw access log archiving for every single cPanel user on your server at once. That way if you have any server usage problems that pop up at some point, you'll have the logs you need to go back and investigate what might have possibly led to the issues.
Please note that to follow the steps below you'll need root access to either your VPS or dedicated server so that you can access every cPanel account at once.
Enabling raw access logs archiving
I'm going to show you how to write out a cPanel configuration file that controls the raw access log archive settings, and then copy that to every cPanel user so that all of their logs are archived.
- Login to your server via SSH as the root user.
- Run the following command to enable raw access logs archiving:
echo archive-logs=1 > /root/.cpanel-logs
If you'd like to remove old archived logs, so that you're only keeping a month worth of archived logs, also run this command:echo remove-old-archived-logs=1 >> /root/.cpanel-logs
- Now you can run the following loop to write out the raw access log archive settings to each cPanel user on the server:
for user in `/bin/ls -1 /var/cpanel/users`; do cp -frp /root/.cpanel-logs /home/$user/; chown $user.$user /home/$user/.cpanel-logs; chmod 640 /home/$user/.cpanel-logs; done
That should be all that you need to do in order to setup raw access log archiving for all of your cPanel users. Now if your server's usage spikes again you'll have logs to review for a possible explanation as to why.
You can read my guide on how to parse archived raw access logs from cPanel, for an in-depth review on how you can review all of the requests being stored in your archived raw access logs.