blog posts

  • Home
  • cPanel
  • Learn how to view logs in C Panel

Learn how to view logs in C Panel

Erfan cPanel May 23, 2022

cPanel, a control panel for hosting, is very popular among users and web admins. C Panel has a graphical management panel that most users use to handle their website affairs; Because the tools on this page are well categorized, and therefore this environment is very easy to use. However, there are practical and highly advanced methods in Command-Line mode that make it easier to troubleshoot and learn more about the server. One of the main methods is the ability to view logs in the C panel.

  • What is a log?
  • Log types in Cpanel
  • CPanel and Apache logs
  • Email logs in cPanel
  • MySQL logs in C Panel

What is a log?

Fortunately, cPanel stores most of what happens on a server as a file on the logs page. So, by looking at these logs and checking these events, you can find server problems. This way, even if you are unaware of a problem, you will be notified by looking at the logs that cPanel has saved. In this tutorial, we will examine the storage location of various logs in cPanel, such as logs: (Access) access.

Apache web server logs

  • email
  •  Error
  •  FTP
  • MySQL
  •  WHM

And many more.

Type of log in C Panel

Log types in C panel

1) Access logs and user actions

This log file is located at / usr / local / Cpanel / logs / access_log and contains the history of a user’s attempts to access their account. The information system is displayed in a standard format called Common Log Format in this file. This template shows each line of information in the following order:

  • IP address:

address IP of the client that provided the request to the server.

  • User Identified Protocol:

The cPanel and WHM services always display one of the following two things: 1) proxy for subdomain logs; 2) Dash mark (-) for other domains

  • User ID:

Verified email address or username for cPanel and WHM

  • Time:

Date and time the visitor accessed your website. The format of this item is MM / DD / YYYY /: HH: MM: SS -ZZZZ, which represents the month, day, year, hour, minute, second, and time zone, respectively, from left to right.

  • User request:

The requested line that the visitor sent to the server.

  • HTTP status:

HTTP request result

  • Response size:

The response size sent to the visitor from the server is in bytes.

  • Referrer:

The URL of the website that the visitor used to access your site.

  • Browser

The browser that the visitor used to access your site.

  • Authentication method

The method that authenticates the visitor request. It is always replaced by one of the four letters a, b, s, and o, where a stands for Access Key, b stands for Normal HTTP Authentication, s stands for Cookie, and o stands for OpenID connection.

  • X-Forwarded-For:

This section shows the client’s IP address when the user requests a connection using subdomain services (proxy domains).

  • Service port:

The port number is used by the user in their request.

Example :

192. 168 . 0 . 20 – example [ 10 / 08 / 2016 : 13 : 37 : 32 -0000 ] “GET /cpsess1234567890/frontend/paper_lantern/index.html HTTP/1.1” 200 0 “” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0” “s” “-” 2083

2) Account transfers and misc. Logs

This log is located in the / var / Cpanel / logs directory and includes account transfer reports and other miscellaneous reports.

1-cpaddonsup. 1444377665. txt
2 -cpaddonsup. 1445155265. tx
3 -cpaddonsup. 1445932864. txt

3) Auditing log (account creations, deletions, etc.)

This file contains the history of activities related to the cPanel account, such as creating and deleting an account. This log is located in the /var/cpanel/accounting.log directory.

Thu Jun 11 13 : 33 : 19 2015 :ADDRESELLER:root:root:example. com :example
Fri Oct 30 12 : 57 : 29 2015 :CHANGEOWNER:root:root:example. com :example:root:example

4) Backup Files

As the name implies, this log information is all about C-Panel backups, which can be accessed from / usr / local / Cpanel / logs / cpbackup.

1445324403. log
1445497204. log
1445925603. log
1446098403. log

5) Brute force protection (child) log

If your site is attacked by brute force, its logs are stored in /usr/local/cpanel/logs/cphulked.log.

[ 2015 10 20 03 : 27 : 14 -0500 ] info [ could ] 258355 processor shutdown via SIGTERM with PID 258355
[ 2015 10 20 03 : 27 : 44 -0500 ] info [ could ] 131586 processor startup with PID 131586

6) Cpanel DNS admin DNS clustering daemon

If dnsadmin is enabled on your server, the request logs will be located at / usr / local / cpanel / logs / dnsadmin_log.

[ 2015 10 21 13 : 33 : 19 -0500 ] info [ dnsadmin ] Reset reseller cache ‘domain1’ .
[ 2015 10 21 13 : 33 : 19 -0500 ] info [ dnsadmin ] Reset reseller cache ‘example’ .

7) Cpanel task queue processing daemon

All TaskQueue logs in cPanel are in this file and can be accessed from /usr/local/cpanel/logs/queueprocd.log.

[ 2015 10 20 03 : 27 : 31 -0500 ] info [ queueprocd ] cPanel TaskQueue Processing Daemon starting.
Starting update of 35 locales in parallel …
Updating “aa” locale …
“aa” complete.
Updating “ar” locale …
“ar” complete.

8) DB mapping

This file contains the activities related to the databases in the cPanel account. The logs of this file are visible in the directory / usr / local / Cpanel / logs / setupbmap_log.

[ 2014 05 06 02 : 57 : 08 -0500 ] info [ setupdbmap ] Begin setupdbmap
[ 2014 05 06 02 : 57 : 08 -0500 ] info [ setupdbmap ] Updating MySQL users
[ 2014 05 06 02 : 57 : 09 -0500 ] info [ setupdbmap ] Processing MySQL databases and database users …
[ 2014 05 06 02 : 57 : 09 -0500 ] info [ setupdbmap ] Finished with MySQL users

9) EasyApache build logs

The usr / local / cpanel / logs / easy / apache directory contains all logs related to EasyApache.

build. 1439814755 . env build. 1439820240 . env

10) Error log

This file contains logs for general cPanel and WHM errors, which can be found in the path usr / local / cpanel / logs / error_log.

1Cpanel::Exception:: new ( “Cpanel::Exception::ModSecurity::VendorUpdateUnnecessary” , HASH ( 0x13222cb8 )) called at /usr/local/cpanel/Cpanel/Exception. pm line 57
2Cpanel::Exception:: create ( “ModSecurity::VendorUpdateUnnecessary” , HASH ( 0x13222cb8 )) called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList. pm line 285

11) Installation log

This file contains logs for installing cPanel and WHM and is located at var / log / cpanel.

2013- 07 09 16 : 39 : 57 152 ( DEBUG ) : – ssystem [ END ]
2013 07 09 16 : 39 : 57 151 ( INFO ) : – Enabling sshd
2013 07 09 16 : 39 : 57 152 ( DEBUG ) : – ssystem [ BEGIN ] : /sbin/chkconfig –level 35 sshd on
2013 07 09 16 : 39 : 57 152 ( DEBUG ) : – ssystem [ END ]
2013 07 09 16 : 39 : 57 488 ( INFO ) : Enabling cphulkd …
2013 07 09 16 : 39 : 57 495 ( INFO ) : Done
2013 07 09 16 : 39 : 57 167 ( INFO ) : cPanel install finished in 69 minutes and 29 seconds!

12) License updates and errors

All information about server certificate updates and errors is stored here. You can check this log by visiting the user / local / Cpanel / logs / license_log directory.

Thu Oct 29 19 : 11 : 05 2015 : Using full manual DNS resolution
Thu Oct 29 19 : 11 : 05 2015 : Trying server 192.168 . 0 . 20
Thu Oct 29 19 : 11 : 05 2015 : Server 192.168 . 0 . 20 on port 2089 returned:

13) Locale database modifications

This log is related to database changes and can be viewed at / usr / local / cpanel / logs / build_locale_database_log.

14) Login errors (CPSRVD)

You can see the logs of the cPanel control panel by going to the usr / local / cpanel / logs / login_log directory.

1 192.168 . 0 . 20 – user [ 07 / 10 / 2013 : 18 : 43 : 00 -0000 ] “POST /login/?login_only=1 HTTP/1.1” FAILED LOGIN whostmgrd: user password hash is missing from system ( user probably does not exist )
2 192.168 . 0 . 21 – user [ 07 / 10 / 2013 : 18 : 43 : 14 -0000 ] “POST /login/?login_only=1 HTTP/1.1” FAILED LOGIN whostmgrd: user password hash is missing from system ( user probably does not exist )
3 192.168 . 0 . 22 – user [ 07 / 15 / 2013 : 16 : 21 : 50 -0000 ] “POST /login/?login_only=1 HTTP/1.1” FAILED LOGIN whostmgrd: user password incorrect

15) Horde

Storage of all Horde logs accessible from var / cpanel / horde / log.

horde_. log horde_stesares. log

16) RoundCube

The / var / Cpanel / RoundCube / log directory is responsible for storing logs related to the RoundCube webmail with MySQL support.

roundcube_. log

17) SquirrelMail

SquirrelMail logs are all found at var / Cpanel / SquirrelMail. (This webmail and its functions became obsolete in version 76 of cPanel and WHM and were eventually removed in version 78.)

18) Panic log In each account, if a serious and critical error occurs, the corresponding log will be saved in the path use / local / Cpanel / logs / panic_log. Note that this directory must be empty of any logs. If you see something, check it carefully and contact your hosting service immediately.

19) Per account bandwidth history (Cached) This log contains bandwidth usage history in cache or cache and is located in the directory var / Cpanel / bandwidth.cache / USERNAME. USERNAME is your username.

20) Per account bandwidth history (Human Readable)

This directory contains the bandwidth logs in each account located in the var / cpanel / bandwidth / USERNAME path. USERNAME is actually your username. fredfred-smtp-rate.rrd barney-all-rate.rrd

21) Service status logs. This log is located at var/log / chkservd.log and, as its name implies, is related to the weakness of cPanel services.

[ 2015 11 02 13 : 52 : 20 -0500 ] Service check ….queueprocd [[ check command:+ ][ socket connect:N/A ]] …named [[ check command:+ ][ socket connect:N/A ]] …mysql [[ check command:+ ][ socket connect:N/A ]] …imap [[ socket_service_auth: 1 ][ check command:+ ][ socket connect:+ ]] …ftpd [[ check command:+ ][ socket connect:+ ]] …entropychat [[ check command:N/A ][ socket connect:N/A ]] …cpsrvd [[ http_service_auth: 1 ][ check command:N/A ][ socket connect:+ ]] …cpanellogd [[ check command:+ ][ socket connect:N/A ]] …clamd [[ check command:+ ][ socket connect:N/A ]] …Done

22) Tailwatch driver tailwatchd log

The logs in user / local / Cpanel / logs / tailwatchd_log are for tail watch drivers or tailwatchd only.

1 [ 131557 ] [ 2015 10 30 13 : 00 : 00 -0500 ] [ Cpanel::TailWatch::Eximstats ] Resetting email limits to new starttime of 1446228000
2 [ 131557 ] [ 2015 10 30 14 : 00 : 00 -0500 ] [ Cpanel::TailWatch::Eximstats ] Resetting email limits to new starttime of 1446231600

23) Update analysis reporting These logs contain data related to the update process and are known as .tar files. You can view these files by going to the directory use / local / Cpanel / logs / update_analysis. The date and time of the creation of each log can be seen in their name.

2015- 08 -20T08: 15 :06Z. tar . gz
2015 09 -13T08: 15 :07Z. tar . gz
2015 10 -07T08: 15 :10Z. tar . gz

24) Update (UPCP) C panel log

You can check system update logs by visiting var / Cpanel / update logs. The date and time of file creation are specified in the naming of these logs.

Update. 1446018721 . log
update. 1446191521 . log
update. 1446367921 . log

25) WebDisk (CPDAVD)

This file, which is found in the path usr / local / cpanel / logs / cpdavd_error_log, contains error logs related to the Web Disk feature.

Starting PID 11197: updated – accepting connections on 2077 and 2078
Starting PID 11080: updated – accepting connections on 2077 and 2078

 

 

Tags:
© 2020 DED9.com

Servives

About

Solutions

Contact

  • 0015672054520
  • info@ded9.com