cPanel mail logs – SMTP (Exim), POP/IMAP (Courier/Dovecot) and Webmail (Horde/RoundCube/Squirrelmail)
| Incoming and outgoing mail log | /var/log/exim_mainlog | Find out what happened to an email sent to an outside server, or one that came into this server. |
|---|---|---|
| POP or IMAP login/transaction records | /var/log/maillog | Find out when a mailbox was accessed, from which IP, and if it was successful. |
| Anti-spam logs (eg. SpamAssassin) | /var/log/maillog | Find out if a mail was tagged as spam, and the reason for it. |
| Mails rejected by Exim SMTP sever | /var/log/exim_rejectlog | Find out if a mail was rejected at connection level due to an Exim security policy. |
| SMTP/POP/IMAP server crash logs | /var/log/messages, /var/log/maillog, /var/log/exim_paniclog | Find out why Exim/Courier/Dovecot servers crashed. |
| Mailman logs | /usr/local/cpanel/3rdparty/mailmain/logs/* | Logs under this directory shows what happened to various mailing lists. |
| RoundCube delivery and error logs | /var/cpanel/roundcube/log/* | Logs under this directory shows mail delivery details and RoundCube access errors. |
| Horde error logs | /var/cpanel/horde/log/* | Logs under this directory show Horde errors. |
| SquirrelMail logs | /var/cpanel/squirrelmail/* | Logs related to SquirrelMail errors. |
cPanel web server logs – Apache
| Web site access logs | /usr/local/apache/domlogs/[DOMAIN_NAME] | Find out which IP accessed the site at a given time, and the status of access. |
|---|---|---|
| Web site and server error log | /usr/local/apache/logs/error_log | Details of error returned in the web site. |
| Mod Security error log | /usr/local/apache/logs/modsec_audit.log | Details of the mod_security deny error. |
| SuPHP audit log | /usr/local/apache/logs/suphp_log | Find out under which user ownership a script was executed. |
| Apache restarts through cPanel/WHM | /usr/local/cpanel/logs/safeapacherestart_log | Find out at what all times Apache was restarted through WHM. |
cPanel FTP logs – ProFTPd/PureFTPd
| File upload logs | /usr/local/apache/domlogs/ftp.[DOMAIN_NAME]-ftp_log | Find out which IP uploaded the files, under which user ownership, and status of upload. |
|---|
cPanel/WHM services log
| Brute force protection log | /usr/local/cpanel/logs/cphulkd.log | Check if an IP was blocked by cPHulkd. |
|---|---|---|
| Login failures on all cPanel/Webmail services | /usr/local/cpanel/logs/login_log | Find out at what all times a user was unable to login to cPanel/Webmail services. |
| User logins and activity log | /usr/local/cpanel/logs/access_log | Find out what a user did after logging into cPanel. For eg. what did they upload through file manager. |
| Accounts audit log | /var/cpanel/accounting.log | See the changes to accounts like creation, owner change, deletion, etc. |
| Backup logs | /usr/local/cpanel/logs/cpbackup | See if an account was successfully backed up and when. |
| Web statistics update log | /usr/local/cpanel/logs/stats_log | See if statistics were processed for a domain. |
| cPanel license update logs | /usr/local/cpanel/logs/license_log | Find if license update had any errors. |
| Service status logs | /var/log/chkservd.log | Find at what all times various services were responding. |
| Tailwatch daemon log | /usr/local/cpanel/logs/tailwatchd_log | Trace any errors related to Tailwatch daemon’s working. |
| WebDisk logs | /usr/local/cpanel/logs/cpdavd_error_log | Trace issues related to Web Disk daemon functioning. |
| Account bandwidth usage | /var/cpanel/bandwidth/[DOMAIN_NAME] | See the history of bandwidth usage for a given domain. |
| cPanel error log | /usr/local/cpanel/logs/error_log | Trace reasons for errors returned by cPanel interfaces. |
| cPanel fatal error log | /usr/local/cpanel/logs/panic_log | Trace reasons for cPanel service crashes. |
| cPanel update log | /var/cpanel/updatelogs/* | Trace issues related to cPanel updates. |
| EasyApache installation logs | /usr/local/cpanel/logs/easy/apache/* | Cross verify errors seen in Apache with rebuild times. |
| cPanel installation log | /var/log/cpanel | Trace issues noted in cPanel installation. |
Important system and 3rd party tools logs
| Cron server log | /var/log/cron | Find out if a cron ran as per schedule. |
|---|---|---|
| Default system log file | /var/log/messages | Most system errors and events will be logged here. |
| LFD firewall log (if CSF/LFD is installed) | /var/log/lfd.log | Find out why an IP was blocked. |
| Maldetect logs (if LMD is installed) | /usr/local/maldetect/event_log | Find out what malware was detected, or why a file upload failed. |
| Server authentication logs | /var/log/secure | Find out who all tried to login to the server, and from which all IPs. |
| Server update log | /var/log/yum.log | Find out what all packages were updated, and when. |
MySQL log
| MySQL error log | /var/lib/mysql/[SERVER_NAME].err | Find out what caused a database server crash. |
|---|---|---|
| MySQL slow query log | /var/log/slowqueries | Find out which database and user has un-optimized queries. |