One of the nice things about cPanel-based servers is the way that they keep the location of key files in the same place across all the various cPanel versions. Due to this consistency one always knows where to look for logs files for all services running on a cPanel server.
Apache is the web server that is typically utilized by cPanel. On cPanel servers Apache does write to a rather high number of logs as each site has its own traffic log.
The access_log is used to log all http requests to either the hostname of the server, requests directed at the servers IPs, or sites that resolve to the server but are no longer hosted on it.
On cPanel servers all Apache errors, regardless of site, are logged in the error_log.
Within the domlogs folder, each site on the server will have its own log file. These files will be the fully qualified domain name for the domain, i.e. domain.com, liquidweb.com. All http traffic to a site will be logged in this log file.
Exim is the MTA(Mail Transfer Agent) that cPanel utilizes. Exim has three primary logs, but only two of these logs contain useful information.
The exim_mainlog contains ALL interactions that exim handles, so both incoming and outgoing mail transactions.
The exim_rejectlog contains all connection attempts that were denied. This information is also logged in the exim_mainlog.
For more information on Exim's logs, try a Google search for “Exim Cheat Sheet”.
Cpanel does log all http traffic to WHM, webmail, and cPanel access. All cPanel logs are located in the /usr/local/cpanel/logs directory.
This access_log contains all traffic to WHM, cPanel, and webmail over http.
This error_log contains all errors that occur when accessing a cPanel related site over http or https.
Regardless of FTP daemon in use, cPanel does log connections, uploads, and downloads. However, FTP does not have its own log file it is instead threaded into the system side messages log file.
All FTP transactions are recorded in messages. They are however interwoven with all other system messages that are logged in this file.
SSH (aka Secure Shell) is a secure way of logging into a server remotely from another computer. On almost all servers the SSH service will be logging into the secure & system side messages log files.
All authentication related SSH transactions are recorded in secure & commands issued over an SSH connection will be logged in messages.
We pride ourselves on being The Most Helpful Humans In Hosting™!
Should you have any questions related to this article, our experienced Technicians and Systems Administrators are always ready to assist you day or night!
We are available 24 hours a day, 7 days a week 365 days a year, via our ticketing systems at firstname.lastname@example.org, by phone (at 800-580-4986) or via a LiveChat or whatever method you prefer.
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.