cPanel logs locations for Web, Mail, FTP, WHM and MySQL services

cPanel mail logs – SMTP (Exim), POP/IMAP (Courier/Dovecot) and Webmail (Horde/RoundCube/Squirrelmail)

Incoming and outgoing mail log/var/log/exim_mainlogFind out what happened to an email sent to an outside server, or one that came into this server.
POP or IMAP login/transaction records/var/log/maillogFind out when a mailbox was accessed, from which IP, and if it was successful.
Anti-spam logs (eg. SpamAssassin)/var/log/maillogFind out if a mail was tagged as spam, and the reason for it.
Mails rejected by Exim SMTP sever/var/log/exim_rejectlogFind out if a mail was rejected at connection level due to an Exim security policy.
SMTP/POP/IMAP server crash logs/var/log/messages,
Find out why Exim/Courier/Dovecot servers crashed.
Mailman logs/usr/local/cpanel/3rdparty/mailmain/logs/*Logs under this directory shows what happened to various mailing lists.
RoundCube delivery and error logs/var/cpanel/roundcube/log/*Logs under this directory shows mail delivery details and RoundCube access errors.
Horde error logs/var/cpanel/horde/log/*Logs under this directory show Horde errors.
SquirrelMail logs/var/cpanel/squirrelmail/*Logs related to SquirrelMail errors.

cPanel web server logs – Apache

Web site access logs/usr/local/apache/domlogs/[DOMAIN_NAME]Find out which IP accessed the site at a given time, and the status of access.
Web site and server error log/usr/local/apache/logs/error_logDetails of error returned in the web site.
Mod Security error log/usr/local/apache/logs/modsec_audit.logDetails of the mod_security deny error.
SuPHP audit log/usr/local/apache/logs/suphp_logFind out under which user ownership a script was executed.
Apache restarts through cPanel/WHM/usr/local/cpanel/logs/safeapacherestart_logFind out at what all times Apache was restarted through WHM.

cPanel FTP logs – ProFTPd/PureFTPd

File upload logs/usr/local/apache/domlogs/ftp.[DOMAIN_NAME]-ftp_logFind out which IP uploaded the files, under which user ownership, and status of upload.

cPanel/WHM services log

Brute force protection log/usr/local/cpanel/logs/cphulkd.logCheck if an IP was blocked by cPHulkd.
Login failures on all cPanel/Webmail services/usr/local/cpanel/logs/login_logFind out at what all times a user was unable to login to cPanel/Webmail services.
User logins and activity log/usr/local/cpanel/logs/access_logFind out what a user did after logging into cPanel. For eg. what did they upload through file manager.
Accounts audit log/var/cpanel/accounting.logSee the changes to accounts like creation, owner change, deletion, etc.
Backup logs/usr/local/cpanel/logs/cpbackupSee if an account was successfully backed up and when.
Web statistics update log/usr/local/cpanel/logs/stats_logSee if statistics were processed for a domain.
cPanel license update logs/usr/local/cpanel/logs/license_logFind if license update had any errors.
Service status logs/var/log/chkservd.logFind at what all times various services were responding.
Tailwatch daemon log/usr/local/cpanel/logs/tailwatchd_logTrace any errors related to Tailwatch daemon’s working.
WebDisk logs/usr/local/cpanel/logs/cpdavd_error_logTrace issues related to Web Disk daemon functioning.
Account bandwidth usage/var/cpanel/bandwidth/[DOMAIN_NAME]See the history of bandwidth usage for a given domain.
cPanel error log/usr/local/cpanel/logs/error_logTrace reasons for errors returned by cPanel interfaces.
cPanel fatal error log/usr/local/cpanel/logs/panic_logTrace reasons for cPanel service crashes.
cPanel update log/var/cpanel/updatelogs/*Trace issues related to cPanel updates.
EasyApache installation logs/usr/local/cpanel/logs/easy/apache/*Cross verify errors seen in Apache with rebuild times.
cPanel installation log/var/log/cpanelTrace issues noted in cPanel installation.

Important system and 3rd party tools logs

Cron server log/var/log/cronFind out if a cron ran as per schedule.
Default system log file/var/log/messagesMost system errors and events will be logged here.
LFD firewall log (if CSF/LFD is installed)/var/log/lfd.logFind out why an IP was blocked.
Maldetect logs (if LMD is installed)/usr/local/maldetect/event_logFind out what malware was detected, or why a file upload failed.
Server authentication logs/var/log/secureFind out who all tried to login to the server, and from which all IPs.
Server update log/var/log/yum.logFind out what all packages were updated, and when.

MySQL log

MySQL error log/var/lib/mysql/[SERVER_NAME].errFind out what caused a database server crash.
MySQL slow query log/var/log/slowqueriesFind out which database and user has un-optimized queries.

Tags: ,

previous article

cPanel Directory Structure

next article

cPanel/WHM Plugins