USA 866-611-1556 : Intl 646-328-7520

cPanel logs locations for Web, Mail, FTP, WHM and MySQL services

cPanel mail logs – SMTP (Exim), POP/IMAP (Courier/Dovecot) and Webmail (Horde/RoundCube/Squirrelmail)

 

Incoming and outgoing mail log /var/log/exim_mainlog Find out what happened to an email sent to an outside server, or one that came into this server.
POP or IMAP login/transaction records /var/log/maillog Find out when a mailbox was accessed, from which IP, and if it was successful.
Anti-spam logs (eg. SpamAssassin) /var/log/maillog Find out if a mail was tagged as spam, and the reason for it.
Mails rejected by Exim SMTP sever /var/log/exim_rejectlog Find out if a mail was rejected at connection level due to an Exim security policy.
SMTP/POP/IMAP server crash logs /var/log/messages,
/var/log/maillog,
/var/log/exim_paniclog
Find out why Exim/Courier/Dovecot servers crashed.
Mailman logs /usr/local/cpanel/3rdparty/mailmain/logs/* Logs under this directory shows what happened to various mailing lists.
RoundCube delivery and error logs /var/cpanel/roundcube/log/* Logs under this directory shows mail delivery details and RoundCube access errors.
Horde error logs /var/cpanel/horde/log/* Logs under this directory show Horde errors.
SquirrelMail logs /var/cpanel/squirrelmail/* Logs related to SquirrelMail errors.

 

cPanel web server logs – Apache

 

Web site access logs /usr/local/apache/domlogs/[DOMAIN_NAME] Find out which IP accessed the site at a given time, and the status of access.
Web site and server error log /usr/local/apache/logs/error_log Details of error returned in the web site.
Mod Security error log /usr/local/apache/logs/modsec_audit.log Details of the mod_security deny error.
SuPHP audit log /usr/local/apache/logs/suphp_log Find out under which user ownership a script was executed.
Apache restarts through cPanel/WHM /usr/local/cpanel/logs/safeapacherestart_log Find out at what all times Apache was restarted through WHM.

 

cPanel FTP logs – ProFTPd/PureFTPd

 

File upload logs /usr/local/apache/domlogs/ftp.[DOMAIN_NAME]-ftp_log Find out which IP uploaded the files, under which user ownership, and status of upload.

 

cPanel/WHM services log

 

Brute force protection log /usr/local/cpanel/logs/cphulkd.log Check if an IP was blocked by cPHulkd.
Login failures on all cPanel/Webmail services /usr/local/cpanel/logs/login_log Find out at what all times a user was unable to login to cPanel/Webmail services.
User logins and activity log /usr/local/cpanel/logs/access_log Find out what a user did after logging into cPanel. For eg. what did they upload through file manager.
Accounts audit log /var/cpanel/accounting.log See the changes to accounts like creation, owner change, deletion, etc.
Backup logs /usr/local/cpanel/logs/cpbackup See if an account was successfully backed up and when.
Web statistics update log /usr/local/cpanel/logs/stats_log See if statistics were processed for a domain.
cPanel license update logs /usr/local/cpanel/logs/license_log Find if license update had any errors.
Service status logs /var/log/chkservd.log Find at what all times various services were responding.
Tailwatch daemon log /usr/local/cpanel/logs/tailwatchd_log Trace any errors related to Tailwatch daemon’s working.
WebDisk logs /usr/local/cpanel/logs/cpdavd_error_log Trace issues related to Web Disk daemon functioning.
Account bandwidth usage /var/cpanel/bandwidth/[DOMAIN_NAME] See the history of bandwidth usage for a given domain.
cPanel error log /usr/local/cpanel/logs/error_log Trace reasons for errors returned by cPanel interfaces.
cPanel fatal error log /usr/local/cpanel/logs/panic_log Trace reasons for cPanel service crashes.
cPanel update log /var/cpanel/updatelogs/* Trace issues related to cPanel updates.
EasyApache installation logs /usr/local/cpanel/logs/easy/apache/* Cross verify errors seen in Apache with rebuild times.
cPanel installation log /var/log/cpanel Trace issues noted in cPanel installation.

 

Important system and 3rd party tools logs

 

Cron server log /var/log/cron Find out if a cron ran as per schedule.
Default system log file /var/log/messages Most system errors and events will be logged here.
LFD firewall log (if CSF/LFD is installed) /var/log/lfd.log Find out why an IP was blocked.
Maldetect logs (if LMD is installed) /usr/local/maldetect/event_log Find out what malware was detected, or why a file upload failed.
Server authentication logs /var/log/secure Find out who all tried to login to the server, and from which all IPs.
Server update log /var/log/yum.log Find out what all packages were updated, and when.

 

MySQL log

 

MySQL error log /var/lib/mysql/[SERVER_NAME].err Find out what caused a database server crash.
MySQL slow query log /var/log/slowqueries Find out which database and user has un-optimized queries.

 

July 15, 2016   1675    CPanel / WHM    
Total 0 Votes:
0

Tell us how can we improve this post?

+ = Verify Human or Spambot ?


Leave a Comment