Accessing the Raw Access Logs in cPanel

In cPanel, you can access your website’s raw access logs to see the traffic to your website before it is turned into a report by statistics software. This is great for taking a closer look at the type of requests your site is getting.

To get the most out of your raw access logs, you want to enable raw access log archiving in cPanel.

  1. Log into cPanel
  2. Under the Metrics section, click on Raw Access


    Raw access - cPanel
     
  3. Click on the domain to see its stats.


    Raw Access Logs page

     
  4. Your browser should download the compressed raw access log. Once that has completed, use a program like 7zip to uncompress the files on your computer.
  5. Uncompress the file and open it

    Uncompressed file

You will now see every request that your website had to deal with. If you just wanted to easily review your website traffic, you could use something like AWStats in cPanel to do so.

If you have SSH access to your server, you can also learn about reviewing traffic from an Apache access log.

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

9 thoughts on “Accessing the Raw Access Logs in cPanel

  1. Am I incorrect in saying that if using a CDN, such as AWS, then edge data such as Awstats is more accurate than raw access logs – that raw access log data is obstructed by resources being served from cache by this node?

    Thank you.

    1. Hi Chris,

      This question is a bit complicated and depends on the type of server you’re using for your website (from InMotion). Each server is cached, but the architecture is slightly different for the WordPress-optimized servers. If you were using a VPS (Virtual Private Server) or a Dedicated server, then the raw access log would be the better solution. In a shared environment, it’s a little more complicated. WordPress-optimized servers use NGINX for caching, so not all of the information is logged in the same place. NGINX has its own logs, as does the Apache server, so the Raw logs would not be as accurate in that situation. If you’re on a server that is not optimized for WordPress, then this would not be the case. The raw logs (for Apache) would be more accurate. I asked a Systems person in regards to the question and he also added: “Even if something is cached, it still has to have the content served so the instance would show in the access log.”

  2. It is possible to download them via ssh. The “live” access logs are found at /home/<USERNAME>/access-logs/ and the archives are found in /home/<USERNAME>/logs/

    Ben

    1. Hey Val,

      Awesome! Glad that did the trick for you, thanks for commenting back and letting us know it worked. I’ll go ahead and mark this guide as needing to be updated to also reflect that as an option for getting to your raw access logs.

      Let us know if you run into any further problems, we are constantly updating our content to try to provide the best solutions for any issues!

      – Jacob

  3. Great, but we have to log into cPanel to do this. I analyze my logs programatically, every day, to look for security issues, user activity, etc. Until some months ago this was easy because the raw log file for the day resided in a user-accessible folder that could be pulled by FTP. Now it’s spirited away in some place that tech support don’t know about or won’t talk about, so manual cPanel is the only method available. Unless I’m willing to download the entire month’s compressed log to pick out one day’s records. Sorry to be blunt but this is a step backwards. I’ve closed one hosting account due to this, and may do the same with another.

    1. Hello Val,

      I apologize for the inconvenience. The ability to FTP into the /access-logs directory does appear to be missing for the main cPanel users due to security restrictions on the server.

      However you should be able to use the userna5_logs FTP user which should have the same password as your main FTP account, and has direct access into your website’s raw access logs. Obviously, replace userna5_ with your own cPanel username.

      Please let us know if you’re still unable to access your raw access logs this way.

      – Jacob

Was this article helpful? Join the conversation!