Find cPanel logs file for Web, Email, FTP, WHM and MySQL services

Error-Log
Error-Log

cPanel logs is a honeypot of information to quickly resolve various issues and server errors.

Below is a list of the cPanel logs most commonly used by cPanel administrators, and the commonly sought information in them.

cPanel mail logs

Incoming and outgoing mail log:-

To find what happened to email’s  sent to an outside server, or one that came into this server.

  • /var/log/exim_mainlog

POP or IMAP login or transaction records:-

To find out when the mailbox was accessed, using which IP, and if it was successful.

  • /var/log/maillog

Anti-spam logs “SpamAssassin” :-

To find out if a mail was tagged as spam and what was the reason for it.

  • /var/log/maillog

Emails rejected by Exim SMTP sever:-

  • /var/log/exim_rejectlog

To find out if a mail was rejected at connection level due to an Exim security policy.

Mailman logs

  • /usr/local/cpanel/3rdparty/mailmain/logs/*

This Logs under the directory  will shows what happened to various mailing lists.

SMTP, POP & IMAP server crash logs

  • /var/log/maillog
  • /var/log/messages
  • /var/log/exim_paniclog

Find out why Exim or Dovecot servers crashed.

SquirrelMail logs

  • /var/cpanel/squirrelmail/*

Logs related to SquirrelMail errors.

RoundCube delivery and error logs

  • /var/cpanel/roundcube/log/*

Logs under this directory shows mail delivery details and RoundCube access errors.

Horde error logs

  • /var/cpanel/horde/log/*

This Logs under  the directory show Horde errors.

cPanel FTP logs

File upload logs

  • /usr/local/apache/domlogs/ftp.[DOMAIN_NAME]-ftp_log

To find out which IP uploaded the files, under which user ownership, and status of upload.

MySQL log

MySQL error log

  • /var/lib/mysql/[HOSTNAME].err

Find out what caused a database server crash.

MySQL slow query log

  • /var/log/slowqueries

Find out which database and user has un-optimized queries.

cPanel web server logs

Web site and server error_log

  • /usr/local/apache/logs/error_log

Details of error returned in the web site.

Web site access logs

  • /usr/local/apache/domlogs/[YOURDOMAINNAME]

To find out which IP accessed the site at given time, and the status of access.

Mod Security error log

  • /usr/local/apache/logs/modsec_audit.log

Details of the mod_security deny error.

SuPHP audit log

  • /usr/local/apache/logs/suphp_log

Find out under which user ownership a script was executed.

Apache restarts through cPanel/WHM

  • /usr/local/cpanel/logs/safeapacherestart_log

Find out at what all times Apache was restarted through WHM.

SuPHP audit log

  • /usr/local/apache/logs/suphp_log

Find out under which user ownership a script was executed.

Apache restarts through cPanel/WHM

  • /usr/local/cpanel/logs/safeapacherestart_log

Find out at what all times Apache was restarted through WHM.

3rd party tools logs

Cron server log

  • /var/log/cron

To find out if a cron ran as per schedule.

Default system log file

  • /var/log/messages

Most system errors and events will be logged here.

LFD firewall log (if CSF/LFD is installed)

  • /var/log/lfd.log

To find out why an IP was blocked.

Maldetect logs (if LMD is installed)

  • /usr/local/maldetect/event_log

To find out what malware was detected, or why a file upload failed.

Server authentication logs

  • /var/log/secure

To find out who all tried to login to the server, and from which all IPs.

Server update log

  • /var/log/yum.log

To find out what all packages were updated, and when.