Previously, we wrote this comprehensive blog post, with all the possible cPanel log files and the log locations. But there was not much information on how to use those log files. So I am redoing the post to have that necessary information as my readers asked.
The post will turn into a cPanel logs cheat sheet over time, helping our users find anything within CPanel log files. You better bookmark it 🙂
While working with cPanel logs, there are two fundamental questions.
- How to search
- Where are the logs located
We will address all three one by one.
How to search cPanel log files?
This is the primary concern of a part for novice cPanel admins i “How to search cPanel logs efficiently”. So here is a short lesson on that too.
Searching cPanel logs files are the same as searching any text file within Linux. You will be searching a lot of files for specific keywords or phrases. In cPanel shared hosting servers, these phrases are usually “domain names”, email addresses, and cPanel user names.
cPanel Log file can grow very large and are usually filled with a great deal of information that we do not need in day-to-day troubleshooting and management tasks. Due to the size of log files going through a file one line at a time is way out of the question. And Opening the file in any text editor like nano or vi is also of not much help as large files get too much slow, and it will be very time-consuming and tedious to do that this way.
As a cPanel server admin, you need to able to pinpoint warnings and errors, and the best tool to do that is “grep”
grep command is a versatile option to search cPanel log files. the syntax to use grep is
grep [options] [pattern] [file]
example:
grep 'keyword' /path/to/file.log
The most important is [keyword] here; it is what you want to search. If you want to search logs of a domain “my-examp.com” in apache logs, then it will be
grep 'my-example.com' /usr/local/apache/logs/error_log
Since Linux and its commands and everything within is case sensitive, you may miss cPanel log file searches because of it. To take care of this problem, you need to search log files as case insensitive. We do it with -i option
grep -i 'my-example.com' /usr/local/apache/logs/error_log
The output would show many many lines if my-example.com were a problem creating one. And in that case, it all just scrolls past the terminal screen until it reaches the end. And then you have to scroll up to read all that. Here we can use the command “less”.
So final command to search cPanel log files that you will be using all the time will become
grep -i 'my-example.com' /usr/local/apache/logs/error_log | less
One more thing that you will sometimes need within cPanel log file is context. It is to see what happened before this error and what after. For that, you may use some grep option that we will address in the next update. Or if you can buy cPanel administration services here.
Where are the cPanel logs?
This is what this article initially was about initially. We have described with each log file what information that log file holds. Different applications might have more than one log file, each containing a different type of information. Usually, there are usage logs, and there are error logs. For example, apache has a separate file to log access activity and another for apache error logs.
cPanel logs are most activity that happens on a server to log files so you can go back and check log records for issues, instead of having to be on the server at the time of them occurring.
cPanel Email logs
Exim logs:
- Exim mail delivery and receipt logs: /var/log/exim_mainlog
- Messages rejected based on polices and access control lists (ACLS): /var/log/exim_rejectlog
- Fatal & Unexpected error log: /var/log/exim_paniclog
- Mailque for incoming messages: /var/spool/exim/input/
Courier or Dovecot IMAP:
- IMAP, POP login attempts, fatal errors and spam scoring: /var/log/maillog
Mailman:
- Mailman mailing list logs: /usr/local/cpanel/3rdparty/mailmain/logs
Email clients:Â
- Horde email client logs:/var/cpanel/horde/log/
- RoundCube email client logs:/var/cpanel/roundcube/log/
- Logs related to squirrel Mail interface (was used in older cpanel versions): /var/cpanel/squirrelmail/
cPanel MariaDB/ MySQL logs
The file name is always with server hostname on the following location
- MySQL error logs file location: /var/lib/mysql/{SERVER_NAME}.err
- MySQL slow query log (slow queries logging can be enabled in my.cnf): /var/log/slowqueries
We have a detailed post about identifying MySQL Slow Queries
cPanel Apache Logs
- Apache Access Logs file location: /usr/local/apache/logs/access_log
- Apache Error logs file location: /usr/local/apache/logs/error_log
contains all Web server and CGI application error log - Apache restarts logs done through cPanel and WHM:Â /usr/local/cpanel/logs/safeapcherestart_log
- Apache domain access logs path: /usr/local/apache/domlogs/{DOMAIN}
{Domain} will replace domain name i.e.,exmaple.com - Apache SUEXEC Logs: /usr/local/apache/logs/suexec_log
- suPHP audit log: /usr/local/apache/logs/suphp_log
- Modsecurity audit logs: /usr/local/apache/logs/modsec_audit.log
- Modsecurity debug logs:/usr/local/apache/logs/modsec_debug_log
Cpanel logs
- cPanel Installation Logs: /var/log/cpanel-install-thread0.log
- cPanel Access Log:/usr/local/cpanel/logs/access_log
- cPanel Error Log:Â /usr/local/cpanel/logs/error_log
- cPanel License Log:Â /usr/local/cpanel/logs/license_log
- cPHulkd logs:/usr/local/cpanel/logs/cphulkd.log
- Stats Execution Logs:Â /usr/local/cpanel/logs/stats_log
- cPanel Backup Logs:Â /usr/local/cpanel/logs/cpbackup/*.log
- cPanel Backup transport to remote locations: /usr/local/cpanel/logs/cpbackup_transporter.log
- Account transfers and misc. logs:Â /var/cpanel/logs
- Auditing log (account creations, deletions, etc):Â /var/cpanel/accounting.log
- Cpanel dnsadmin dns clustering daemon:Â /usr/local/cpanel/logs/dnsadmin_log
- Cpanel taskqueue processing daemon:Â /usr/local/cpanel/logs/queueprocd.log
- DBmapping logs: /usr/local/cpanel/logs/setupdbmap_log
Logs about integrated applications, transfers from non-cPanel servers in relation to removing the restraint of MySQL database, usernames having to be prefixed by the cPanel account username - cPanel Panic logs: /usr/local/cpanel/logs/panic_log
- Per account bandwidth history (Cached):/var/cpanel/bandwidth.cache/{USERNAME}
- Per account bandwidth history: /var/cpanel/bandwidth/{USERNAME}
- Tailwatch driver tailwatchd log: /usr/local/cpanel/logs/tailwatch_log
- Update analysis reporting log: /usr/local/cpanel/logs/updated_analysis/{TIMESTAMP}.log
- Update (UPCP) log: /var/cpanel/updatelogs/updated.{TIMESTAMP}.log
- WebDisk (CPDAVD) logs: /usr/local/cpanel/logs/cpdavd_error_log
Other services
- BIND (named) Log: /var/log/messages
- ChkServd (cPanel Monitoring Daemon) Logs: /var/log/chkservd.log
- SSHÂ Logs:Â /var/log/secure
- Pure-FTP: Â /usr/local/apache/domlogs/ftpxferlog
- Processing of log splitting: /usr/local/cpanel/logs/splitlogs_log
- EasyApache build logs: /usr/local/cpanel/logs/easy/apache/
- Locale database modifications log:/usr/local/cpanel/logs/build_locale_database_log
- Login errors (CPSRVD) log: /usr/local/cpanel/logs/login_log
- Cron job logs are common to all Linux servers: /var/log/cron
- NGINX access log location: /var/log/nginx/access.log
- NGINX error logs location: /var/log/nginx/error.log
- tomcat error logs: /usr/local/jakarta/tomcat/logs/catalina.err tomcat connections: /usr/local/jakarta/tomcat/logs/catalina.out