cPanel Log file locations




cPanel log file locations and basic troubleshooting. Most activity that happens on a server is written to log files, so you can go back and review log entries for problems instead of having to be on the server when they happen.

 

Kernel Boot & Hardware error logs

Path : /var/log/dmesg

Use the command "dmesg" in the root shell to display the kernel ring buffer (last 64 K) stored in memory. Use "dmesg > boot.messages" to store the logs in a separate file, and if you want to clear the ring buffer, type "dmesg -c".

 

System Information

Path : /var/log/messages

Use "tail -f /var/log/messages" to watch what is going on with your system and with your DNS. This log helps the admin find out about TCP/UDP and other forms of attack.

Bad Login / Logout logs

Path : /var/log/btmp

Stores all the bad login and logout attempts, either failure or success. Use the lastb command to list the entries in a clear format with date/time, etc., to trace and block the attack source. Attacks of this kind on SSH are normally carried out by scripts using brute-force password crackers.
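
To trace the source as described above, the lastb listing can be grouped by remote host. This is an added example, not part of the original article; the function names and the sample lines (built in the column layout lastb prints, using documentation IP ranges) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: group failed SSH logins from lastb-style output by source host.

# Constructed sample in the layout lastb prints: user, tty, host, time range.
sample_lastb() {
cat <<'EOF'
root     ssh:notty    203.0.113.7      Mon Mar  4 10:15 - 10:15  (00:00)
admin    ssh:notty    203.0.113.7      Mon Mar  4 10:15 - 10:15  (00:00)
oracle   ssh:notty    203.0.113.7      Mon Mar  4 10:16 - 10:16  (00:00)
root     ssh:notty    198.51.100.23    Mon Mar  4 11:02 - 11:02  (00:00)
alice    tty1                          Mon Mar  4 11:30 - 11:30  (00:00)

btmp begins Mon Mar  4 10:15:01 2024
EOF
}

# bad_login_sources THRESHOLD
# Reads lastb output on stdin and prints "failures host distinct_users" for
# every SSH source with at least THRESHOLD failed attempts, busiest first.
# Console entries (no host column) and the "btmp begins" footer are skipped.
bad_login_sources() {
  awk -v min="${1:-3}" '
    $2 ~ /^ssh/ && NF >= 3 {
      hits[$3]++
      # Count each username once per host; many names from one host
      # is the usual signature of a scripted password-guessing run.
      if (!(($3, $1) in seen)) { seen[$3, $1] = 1; users[$3]++ }
    }
    END {
      for (h in hits)
        if (hits[h] >= min) print hits[h], h, users[h]
    }' | sort -rn
}

# Demo on the constructed sample.
sample_lastb | bad_login_sources 3
```

On a server, run "lastb -i | bad_login_sources 5" as root; the -i option prints numeric IP addresses instead of hostnames, which keeps the host column suitable for a firewall block list.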

Login / Logout logs

Path : /var/log/wtmp

Similar to the bad login/logout log, this log stores the good/authorized system logins and logouts, which can be listed using the "last" command.

Last Logins Logs

Path : /var/log/lastlog

Database of the times of previous user logins. The lastlog file is a database that contains information on the last login of each user. Use the "lastlog" command to retrieve the data from the log.

Authentication logs

Path : /var/log/secure

Logs from all daemons that require PAM authentication.

Common Cpanel logs

cPanel/WHM Initial Installation Errors

Path : /var/log/cpanel*install*

Logs used to record missing dependencies or any errors encountered during the cPanel installation process, including hardware driver failures/mismatches.

Cpanel License Error Logs

Path : /usr/local/cpanel/logs/license_log

The license and its update information are stored here. If you encounter any license issue, execute the command /usr/local/cpanel/cpkeyclt to update the license from cPanel.

Cpanel/WHM Accounting Logs

Path : /var/cpanel/accounting.log

Contains a list of accounting functions performed through WHM, including account removal and creation. The administrator can use this log to check who deleted an account, from which IP, etc.

Cpanel/WHM Service Status Logs

Path : /var/log/chkservd.log

Separate log for cPanel's chkservd daemon, which records service failures and notifications.

Cpanel Stats Daemon Logs

Path : /usr/local/cpanel/logs/stats_log

The stats daemon (cpanellogd) logs the output from all stats generators (Awstats, Webalizer, Analog) here.

Cpanel login and access logs

Path : /usr/local/cpanel/logs/access_log

All login attempts and logins are recorded in this log, which helps the administrator check who logged in to the panel, at what time, from which IP address, etc.

Cpanel Bandwidth Logs

Path : /var/cpanel/bandwidth

Files contain the bandwidth history for each account. Each file is named after its respective user.

Tailwatchd Daemon logs

Path : /usr/local/cpanel/logs/tailwatchd_log

Logs for the daemons configured under tailwatchd, i.e. cPBandwd, Eximstats, Antirelayd.

Cpanel Ftp logs

Ftp General login and Failure

Path : /var/log/messages

FTP Data Transactions log

Path : /var/log/xferlog

In most cases this is a symbolic link to /usr/local/apache/domlogs/ftpxferlog, which contains a history of the transactions made by FTP users.

FTP account Raw logs.

Path : /usr/local/apache/domlogs/ftp.domainname-ftp_log

Stores all FTP logins, transfers, FTP commands, client connection status, etc.

Pure-ftp log

Path : /var/log/pureftpd.log

It is disabled by default and only works if you enable it in /etc/pure-ftpd.conf.

Pro-ftp log

Path : /var/log/pro-ftpd.log

It is disabled by default and only works if you enable it in /etc/pro-ftpd.conf.

Cpanel Mysql logs

MySQL General Information and Errors

Path : /var/lib/mysql/$(hostname).err

This path could vary, but is generally located in /var/lib/mysql. Could also be located at /var/log/mysqld.log.

Cpanel Apache logs

Apache Access Logs:

Path : /usr/local/apache/logs/access_log

The complete web server access log; it records all requests processed by the server.

General Error and Auditing Logs

Path : /usr/local/apache/logs/error_log

All exceptions caught by httpd, along with standard error output from CGI applications, are logged here, including Apache crashes, etc.

Apache SuExec Logs

Path : /usr/local/apache/logs/suexec_log

Auditing information reported by suexec each time a CGI application is executed. Useful for debugging internal server errors: when no relevant information is reported to the Apache error_log, check here for potential suexec policy violations.

Domain Access & error logs

Path : /usr/local/apache/domlogs/domain.com

General access and error log file for each domain configured with cPanel.

Cpanel Exim logs

Mail Receive and Delivery

Path : /var/log/exim_mainlog or /var/log/exim/mainlog (FreeBSD)

Receives an entry every time a message is received or delivered.

ACLs/Policies based RejectLog

Path : /var/log/exim_rejectlog

An entry is written to this log every time a message is rejected based on either ACLs or other policies, e.g. aliases configured to :fail.

Panic/Fatal Errors :

Path : /var/log/exim_paniclog

Logs any entries Exim doesn’t know how to handle. It’s generally a really bad thing when log entries are being written here, and they should be properly investigated.

IMAP/POP logs

Path : /var/log/maillog & /var/log/messages

The IMAP, POP, and SpamAssassin services all log here. This includes all general logging information (login attempts, transactions, spam scoring), along with fatal errors.
