cPanel logs are very helpful to track the activities happening on the server. These activities are logged in different log files which can be then reviewed for problems occurred on the server. This post tries to provide you the locations of each log file which makes it easy to track activities and problems.
cPanel logs
| Access logs and user actions |
/usr/local/cpanel/logs/access_log |
| Account transfers and misc. logs |
/var/cpanel/logs |
| Auditing log (account creations, deletions, etc) |
/var/cpanel/accounting.log |
| Backup logs |
/usr/local/cpanel/logs/cpbackup |
| Brute force protection (cphulkd) log |
/usr/local/cpanel/logs/cphulkd.log |
| Cpanel dnsadmin dns clustering daemon |
/usr/local/cpanel/logs/dnsadmin_log |
| Cpanel taskqueue processing daemon |
/usr/local/cpanel/logs/queueprocd.log |
| DBmapping |
/usr/local/cpanel/logs/setupdbmap_log |
| EasyApache build logs |
/usr/local/cpanel/logs/easy/apache/ |
| Error log |
/usr/local/cpanel/logs/error_log |
| Installation log |
/var/log/cpanel |
| License updates and errors |
/usr/local/cpanel/logs/license_log |
| Locale database modifications |
/usr/local/cpanel/logs/build_locale_database_log |
| Login errors (CPSRVD) |
/usr/local/cpanel/logs/login_log |
| Horde |
/var/cpanel/horde/log/ |
| RoundCube |
/var/cpanel/roundcube/log/ |
| SquirrelMail |
/var/cpanel/squirrelmail/ |
| Panic log |
/usr/local/cpanel/logs/panic_log |
| Per account bandwidth history (Cached) |
/var/cpanel/bandwidth.cache/{USERNAME} |
| Per account bandwidth history (Human Readable) |
/var/cpanel/bandwidth/{USERNAME} |
| Service status logs |
/var/log/chkservd.log |
| Tailwatch driver tailwatchd log |
/usr/local/cpanel/logs/tailwatch_log |
| Update analysis reporting |
/usr/local/cpanel/logs/updated_analysis/{TIMESTAMP}.log |
| Update (UPCP) log |
/var/cpanel/updatelogs/updated.{TIMESTAMP}.log |
| WebDisk (CPDAVD) |
/usr/local/cpanel/logs/cpdavd_error_log |
| Website statistics log |
/usr/local/cpanel/logs/stats_log |
cPanel access log
| Access logs and user actions |
/usr/local/cpanel/logs/access_log |
cPanel apache log
| Apache restarts done through cPanel and WHM |
/usr/local/cpanel/logs/safeapcherestart_log |
| Domain access logs |
/usr/local/apache/domlogs/{DOMAIN} |
| Processing of log splitting |
/usr/local/cpanel/logs/splitlogs_log |
| suPHP audit log |
/usr/local/apache/logs/suphp_log |
| Web server and CGI application error log |
/usr/local/apache/logs/error_log |
cPanel email log
| Delivery and receipt log |
/var/log/exim_mainlog |
| Incoming mail queue |
/var/spool/exim/input/ |
| Log of messages rejected based on ACLS or other policies |
/var/log/exim_rejectlog |
| Unexpected/Fatal error log |
/var/log/exim_paniclog |
| IMAP, POP login attempts, transactions, fatal errors and spam scoring |
/var/log/maillog |
/var/log/messages |
| Mailman |
/usr/local/cpanel/3rdparty/mailmain/logs |
| MySQL error log |
/var/lib/mysql/{SERVER_NAME}.err |
| MySQL slow query log (if enabled in my.cnf) |
/var/log/slowqueries |
Searching the log files and reading them from shell can be sometimes very difficult and not might be troublesome. Thankfully, a cPanel plugin is available which allows the log files to be read from the WHM login. The plugin can be obtained at http://log-view.com and the installation steps can be found at http://log-view.com/latest/logview-installation.php
