Many times you will run across an issue and are unsure what is happening/happened. cPanel has many logs available to the user, but it’s finding the location of these logs that is important. In this post, we will be talking about cPanel logs, and what is in the logs. You can always use the grep command or similar to search these logs for specific users, or accounts, IP’s.
Access Log
In this log, you will find what users are accessing, the timestamp when they accessed a page, IP address, and much more information. This is a great log that is filled with a lot of information, and it can also be very helpful.
/usr/local/cpanel/logs/access_log
123.123.123.123 – [email protected] [01/23/2015:22:53:10 -0000] “GET /cpsess5845664796/3rdparty/squirrelmail/src/right_main.php?mailbox=INBOX&startMessage=1&mail_sent=yes HTTP/1.1” 200 0 “https://host.myserver.com::2096/cpsess5845664796/3rdparty/squirrelmail/src/compose.php?passed_id=133690&mailbox=INBOX&startMessage=1&passed_ent_id=0” “Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko” “-”
123.123.123.123 – [email protected] [01/23/2015:22:53:10 -0000] “POST /cpsess5845664796/3rdparty/squirrelmail/src/compose.php HTTP/1.1” 302 0 “https://host.myserver.com:2096/cpsess5845664796/3rdparty/squirrelmail/src/compose.php?passed_id=133690&mailbox=INBOX&startMessage=1&passed_ent_id=0” “Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko” “-”
Accounts Audit Log
In this log, you can see the account changes that have been made on the server.
/var/cpanel/accounting.log
Thu Oct 23 07:18:21 2014:REMOVE:root:root:website1.com:website1
Fri Nov 21 13:34:43 2014:CREATE:root:root:website2.com:123.123.123.123:website2
Tue Dec 23 07:02:04 2014:REMOVE:root:root:website3.com:website3
Tue Jan 13 15:20:47 2014:DELRESELLER:root:root:website3.com:website3
Account Bandwidth Usage
Here you can see account usage, history, and many other things, based on the domain you want to check. For this one, you will need to an application that is able to open .rrd files as that is how this information is saved.
/var/cpanel/bandwidth/$domain
Backup Log
In this log, it will have the information of if an account was successfully backed up, and when.
/usr/local/cpanel/logs/cpbackup/$backup.log
[2015-01-14 19:07:28 -0700] Creating Archive ………………………………………………………….
[2015-01-14 19:07:28 -0700] Copying shell……
[2015-01-14 19:07:28 -0700] Done
[2015-01-14 19:07:28 -0700] Copying password…….
[2015-01-14 19:07:28 -0700] Done
[2015-01-14 19:07:28 -0700] Storing SSL domain……
[2015-01-14 19:07:28 -0700] Done
Brute Force Protection Log
In this log, you can check to see if an IP was blocked in cPHulkd, why it was blocked, the IP address, and more information.
/usr/local/cpanel/logs/cphulkd.log
Thu Jun 6 08:05:08 2013 [info] Connection service=mail ip=123.123.123.123 port= [email protected] blocked by cphulkd (IP Address listed as brute)
Thu Jun 6 16:20:27 2013 [info] Connection service=system ip=213.213.213.213 port= user=website2 blocked by cphulkd (IP Address newly listed as brute numfailed=5 max=5 reason=max_failures_byip)
Fri Jun 7 10:29:05 2013 [info] Connection service=mail ip=132.132.132.132 port= [email protected] blocked by cphulkd (IP Address newly listed as brute numfailed=5 max=5 reason=max_failures_byip)
cPanel Error Log
In this log, you can find the reason of the errors that were shown in cPanel interfaces.
/usr/local/cpanel/logs/error_log
main::_parse_auto_template(‘/usr/local/cpanel/base/frontend/paper_lantern/index.auto.tmpl’) called at cpanel.pl line 5347
main::run_standard_mode() called at cpanel.pl line 827
[2015-01-22 18:13:53 -0700] warn [Branding::applist] Encountered error in Branding::applist: No such file or directory
Duplicate logaccess: at /usr/local/cpanel/Cpanel/Server.pm line 421, <GEN15986> line 2.
Cpanel::Server::logaccess(Cpanel::Server=HASH(0x31dfe40)) called at cpsrvd.pl line 3385
cpanel::cpsrvd::logaccess() called at cpsrvd.pl line 3054
cpanel::cpsrvd::servcontent(“./robots.txt”, “text/plain”, 1, 0, 1, 1, 0) called at cpsrvd.pl line 4684
cpanel::cpsrvd::handle_unprotected_docs() called at cpsrvd.pl line 1206
cpanel::cpsrvd::handle_one_connection() called at cpsrvd.pl line 1101
cpanel::cpsrvd::script() called at cpsrvd.pl line 430
cPanel Fatal Error Log
In this log, you can find the reason why cPanel services have crashed, and the time.
/usr/local/cpanel/logs/panic_log
scripts::register_appconfig::run() called at /usr/local/cpanel/bin/register_appconfig line 15
2014-11-25 06:05:01 -0500 invalid [dnsadmin] Invalid lockfile /var/cpanel/clusterqueue/status/local.lock detected (zero size) [UID]: 0 [MTIME]: 1416913499 [ORIGINAL INODE]: 144078 [TESTED INODE]: 144078 at /usr/local/cpanel/Cpanel/Debug.pm line 34
Cpanel::Debug::log_invalid(‘Invalid lockfile /var/cpanel/clusterqueue/status/local.lock detected (zero size) [UID]: 0 [MTIME]: 1416913499 [ORIGINAL INODE]: 144078 [TESTED INODE]: 144078’) called at /usr/local/cpanel/Cpanel/SafeFile.pm line 411
cPanel Installation Log
In this log, you can see the cPanel installation log
/var/log/cpanel-install.log
2014-07-03 20:43:15 220 (DEBUG): – ssystem [BEGIN]: /sbin/chkconfig –level 35 mysql on
2014-07-03 20:43:15 220 (DEBUG): – ssystem [END]
2014-07-03 20:43:15 219 ( INFO): – Enabling sshd
2014-07-03 20:43:15 220 (DEBUG): – ssystem [BEGIN]: /sbin/chkconfig –level 35 sshd on
2014-07-03 20:43:15 220 (DEBUG): – ssystem [END]
2014-07-03 20:43:15 1755 ( INFO): Enabling cphulkd …
2014-07-03 20:43:15 1762 ( INFO): Done
2014-07-03 20:43:15 236 ( INFO): cPanel install finished in 99 minutes and 41 seconds!
cPanel License Update Log
This log contains information when license was updated, and if there were any issues.
/usr/local/cpanel/logs/license_log
Thu Jan 22 20:06:33 2015: Trying server 208.74.121.85
Thu Jan 22 20:06:34 2015: Server 208.74.121.85 on port 2089 returned:
Key Accepted
Key Follows
Thu Jan 22 20:06:34 2015: Obtained lock license file
Thu Jan 22 20:06:34 2015: Accepted license from server 208.74.121.85 on port 2089
Thu Jan 22 20:06:34 2015: License update succeeded after trying 1 server
cPanel Update Log
This is where you can find logs of the cPanel updates that have occurred.
/var/cpanel/updatelogs/
[20150122.043102] Running /usr/local/cpanel/scripts/postupcp
[20150122.043102] Running Standardized hooks
[20150122.043102] 100% complete
[20150122.043102] cPanel update completed
[20150122.043102] A log of this update is available at /var/cpanel/updatelogs/update.1421918761.log
[20150122.043102] Removing upcp pidfile
[20150122.043102] Completed all updates
=> Log closed Thu Jan 22 04:31:02 2015
EasyApache Installation Log
Here is where you will find the Apache rebuild logs, including times, errors, any much more information!
/usr/local/cpanel/logs/easy/apache/$buildlog
You can change how PHP is configured.
As root, simply execute:
/usr/local/cpanel/bin/rebuild_phpconf –help
for more information.
!! Build Complete! !!
!! Verbose logfile is at ‘/usr/local/cpanel/logs/easy/apache/build.1415291814’ !!
Login Failures on All Services
Here is where you will find all the login failures, including the time, IP address , of a user who was unable to login to cPanel/Webmail services, and some more related information.
/usr/local/cpanel/logs/login_log
12.12.12.123 – [email protected] [12/23/2014:08:23:35 -0000] “GET /cpsess84654867962/3rdparty/roundcube/?_task=mail&_refresh=1&_mbox=INBOX HTTP/1.1” FAILED LOGIN webmaild: cookie ip check: IP address has changed
23.23.32.23 – user2 [12/30/2014:11:08:51 -0000] “POST /login/?login_only=1 HTTP/1.1” FAILED LOGIN cpaneld:
invalid user name specified
123.123.123.12 – user2 [01/13/2015:21:04:17 -0000] “GET /scripts/ HTTP/1.0” FAILED LOGIN whostmgrd: user password incorrect
45.45.45.45 – user3 [01/20/2015:22:00:13 -0000] “GET //user3/listaccts?api.version=1 HTTP/1.1” FAILED LOGIN whostmgrd: user password incorrect
145.145.145.145 – user4 [01/23/2015:22:10:27 -0000] “GET / HTTP/1.1” DEFERRED LOGIN cpaneld: security token missing
Service Status Log
This log contains information regarding services and when their information. This log runs on an timed interval.
/var/log/chkservd.log
[2015-01-23 14:55:52 -0700] Disk check …. /tmp (/var/tmp) [82%] … /dev/mapper/vg_nintendo-lv_root (/) [82%] … /dev/mapper/vg_nintendo-lv_home (/home) [26%] … /dev/sda1 (/boot) [13%] … /dev/sdb1 (/backup) [33%] … {status:ok} … Done
Loading services …..clamd….cpanellogd….cpsrvd….exim-26,587….ftpd….imap….lfd….named….queueprocd..Done
Service Check Started
Service Check Finished
Tailwatch Daemon Log
In this log, you will find information related to Tailwatch daemon, or errors related to Tailwatch daemon’s working.
/usr/local/cpanel/logs/tailwatchd_log
[7067] [2015-01-23 16:01:30 -0500] [Cpanel::TailWatch] [INFO] Flushing all readers
[7067] [2015-01-23 16:38:04 -0500] [Cpanel::TailWatch] [INFO] tailwatch saving positions and reloading configuration on SIG
WebDisk Log
This is the WebDisk Error log, and it contains all of the logs related to WebDisk
/usr/local/cpanel/logs/cpdavd_error_log
Starting PID 25523: cpdavd – accepting connections on 2077 and 2078
Starting PID 5977: cpdavd – accepting connections on 2077 and 2078
Starting PID 2103: cpdavd – accepting connections on 2077 and 2078
Starting PID 28598: cpdavd – accepting connections on 2077 and 2078
Starting PID 18060: cpdavd – accepting connections on 2077 and 2078
Starting PID 7126: cpdavd – accepting connections on 2077 and 2078
Web Statistics Update Log
In this log, you can check if logs were processed for a user, you can check the last reported Disk Usage, if the statistics for the account was updated, and more information regarding the statistics for the account.
/usr/local/cpanel/logs/stats_log
[2015-01-23 06:07:13 -0500] Process bandwidth for user1
[2015-01-23 07:23:53 -0500] Disk Usage for user1 on /dev/sda8 (94096/5120000)
[2015-01-23 07:23:53 -0500] Archive Status for user1: 1
[2015-01-23 07:23:53 -0500] Processing user1, fork() required to drop privs with (domains:1 domains)
[2015-01-23 07:23:53 -0500] [setuid] user1 (uid=708,gid=708)
facebook
twitter
LinkedIn