cPanel logs locations for Web, Mail, FTP, WHM and MySQL services
cPanel logs provide a goldmine of information to quickly resolve various customer issues and server errors.
Here’s a list of the cPanel logs most commonly used by our expert server administrators, and the commonly sought information in them.
cPanel mail logs – SMTP (Exim), POP/IMAP (Courier/Dovecot) and Webmail (Horde/RoundCube/Squirrelmail)
|Incoming and outgoing mail log||/var/log/exim_mainlog – Find out what happened to an email sent to an outside server, or one that came into this server.|
|POP or IMAP login/transaction records||/var/log/maillog – Find out when a mailbox was accessed, from which IP, and if it was successful.|
|Anti-spam logs (eg. SpamAssassin)||/var/log/maillog – Find out if a mail was tagged as spam, and the reason for it.|
|Mails rejected by Exim SMTP sever||/var/log/exim_rejectlog – Find out if a mail was rejected at connection level due to an Exim security policy.|
|SMTP/POP/IMAP server crash logs||/var/log/messages,|
/var/log/exim_paniclog – Find out why Exim/Courier/Dovecot servers crashed.
|Mailman logs||/usr/local/cpanel/3rdparty/mailmain/logs/* – Logs under this directory shows what happened to various mailing lists.|
|RoundCube delivery and error logs||/var/cpanel/roundcube/log/* – Logs under this directory shows mail delivery details and RoundCube access errors.|
|Horde error logs||/var/cpanel/horde/log/* – Logs under this directory show Horde errors.|
|SquirrelMail logs||/var/cpanel/squirrelmail/* – Logs related to SquirrelMail errors.|
cPanel web server logs – Apache
|Web site access logs||/usr/local/apache/domlogs/[DOMAIN_NAME] – Find out which IP accessed the site at a given time, and the status of access.|
|Web site and server error log||/usr/local/apache/logs/error_log – Details of error returned in the web site.|
|Mod Security error log||/usr/local/apache/logs/modsec_audit.log – Details of the mod_security deny error.|
|SuPHP audit log||/usr/local/apache/logs/suphp_log – Find out under which user ownership a script was executed.|
|Apache restarts through cPanel/WHM||/usr/local/cpanel/logs/safeapacherestart_log – Find out at what all times Apache was restarted through WHM.|
cPanel FTP logs – ProFTPd/PureFTPd
|File upload logs||/usr/local/apache/domlogs/ftp.[DOMAIN_NAME]-ftp_log – Find out which IP uploaded the files, under which user ownership, and status of upload.|