Log file paths on a Linux server (WHM/cPanel server)

Linux maintains a variety of logs that help an administrator keep track of important events, including system error messages, system startups, and system shutdowns.

Centralized logging is provided by two daemons, syslogd and klogd. Almost all log files generated by applications such as Apache and Squid, and by the server itself, are located under the /var/log directory (and its subdirectories).

Some of the more important log files that an administrator should follow are listed below; you can tail/cat/more them as the root user.

1. cPanel/WHM Initial Installation Errors:

Path : /var/log/cpanel-install-thread.log

Description: These log files contain cPanel installation logs & should be referenced first for any issues resulting from new cPanel installations.

2. cPanel/WHM Accounting Logs:

Path : /var/cpanel/accounting.log

Description: Contains a list of accounting functions performed through WHM, including account removal and creation.

3. cPanel/WHM Service Status Logs:

Path : /var/log/chkservd.log

Description: The service-monitoring daemon (chkservd) logs all service checks here. Failed services are represented with a – and active services are represented by a +.

 

cPanel/WHM Specific Requests and Errors:

1. cPanel error logs:

Path : /usr/local/cpanel/logs/error_log

Description: cPanel logs any error it encounters here. This should be checked when you encounter errors or strange behavior in cPanel/WHM.

2. cPanel License Error Logs:

Path : /usr/local/cpanel/logs/license_log

Description: All license update attempts are logged here. If you run into any license-related errors when logging in, check here.

3. cPanel/WHM Update Logs:

Path : /var/cpanel/updatelogs/update-TIMESTAMP.log

Description: Contains all output from each cPanel update (upcp) run. Each file is named with the timestamp at which the upcp process was initiated.

4. Stats Daemon Logs:

Path : /usr/local/cpanel/logs/stats_log

Description: The stats daemon (cpanellogd) logs the output from all stats generators (Awstats, Webalizer, Analog) here.

5. Client Information, Requested URL Logs:

Path : /usr/local/cpanel/logs/access_log

Description: General information about requests made to cPanel is logged here.

6. Bandwidth Logs:

Path : /var/cpanel/bandwidth

Description: These files contain the bandwidth history for each account. Each file is named after its respective user.

7. Tailwatchd New:

Path : /usr/local/cpanel/logs/tailwatchd_log

Description: Logs for the daemons configured under tailwatchd, i.e. cPBandwd, Eximstats, Antirelayd.

 

Apache Logs:

1. General Error and Auditing Logs:

Path : /usr/local/apache/logs/error_log

Description: All exceptions caught by httpd, along with standard error output from CGI applications, are logged here. This is the first place you should look when httpd crashes or you encounter errors when accessing a website.

2. Apache SuExec Logs:

Path : /usr/local/apache/logs/suexec_log

Description: Auditing information reported by suexec each time a CGI application is executed. Useful for debugging internal server errors when no relevant information is reported in the Apache error_log; check here for potential suexec policy violations.

3. Domain Access Logs:

Path : /usr/local/apache/domlogs/domain.com

Description: General access log file for each domain configured with cPanel.

4. Apache Access Logs:

Path : /usr/local/apache/logs/access_log

Description: The complete web server access log, which records all requests processed by the server.

5. Message Reception and Delivery:

Path : /var/log/exim_mainlog or /var/log/exim/mainlog

Description: Receives an entry every time a message is received or delivered.

6. Exim ACLs/Policies based RejectLog :

Path : /var/log/exim_rejectlog

Description: An entry is written to this log every time a message is rejected based on either ACLs or other policies, e.g. aliases configured to :fail

7. Unexpected or Fatal Errors:

Path : /var/log/exim_paniclog

Description: Logs any entries exim doesn't know how to handle. It's generally a really bad thing when log entries are being written here, and they should be properly investigated.

8. IMAP/POP/SpamAssassin General Logging and Errors:

Path : /var/log/maillog & /var/log/messages

Description: The IMAP, POP, and SpamAssassin services all log here. This includes all general logging information (login attempts, transactions, spam scoring), along with fatal errors.

9. FTP Logins and General Errors:

Path : /var/log/messages

Description: General information and login attempts are logged here.

10. FTP Transactions logging:

Path : /var/log/xferlog or /var/log/messages

Description: In most cases this is a symbolic link to /usr/local/apache/domlogs/ftpxferlog, which contains a history of the transactions made by FTP users.

11. MySQL General Information and Errors :

Path : /var/lib/mysql/$(hostname).err

Description: This path can vary, but the log is generally located in /var/lib/mysql. It could also be located at /var/log/mysqld.log.

 

Security:

1. Authentication attempts:

Path : /var/log/secure

Description: Logs authentication attempts for all daemons that require PAM authentication.

2. Tracking all Bad Logins and Logouts:

Path : /var/log/btmp

Description: Log of all attempted bad logins to the system. Accessed via the lastb command.

3. Tracking all Logins and Logouts:

Path : /var/log/wtmp

Description: The wtmp file records all logins and logouts.

4. Last Logins:

Path : /var/log/lastlog

Description: Database of the times of previous user logins. The lastlog file is a database which contains info on the last login of each user.

5. WebDav or WebDisk Log :

Path : /usr/local/cpanel/logs/cpdavd_error_log

Description: The cpdavd daemon is “WebDav” (better known as “WebDisk”) which was introduced in cPanel 11 to allow users to mount their home directory on their personal computer, always having access to the files and content.

6. Cphulkd Logs:

Path : /usr/local/cpanel/logs/cphulkd_errors.log

Description: cPHulk Brute Force Protection prevents malicious forces from trying to access your server's services by guessing the login password for that service. It blacklists IPs that it thinks are trying to run a brute force attack.

7. Failure Logging:

Path : /var/log/faillog

Description: The faillog command formats the contents of the failure log from the /var/log/faillog database. It can also be used to maintain failure counters and limits. Run faillog without arguments to display only the faillog records of users who have ever had a login failure.

8. Startup/Boot, Kernel & Hardware error messages :

Path : /var/log/dmesg

Description: dmesg is a "window" into the kernel's ring buffer, which is the kernel's message buffer. The content of this file is what the dmesg command refers to. It shows the boot log and hardware errors.

9. LFD Logs:

Path : /var/log/lfd.log
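
As an added example (not part of the original page), the shell function below checks the security logs listed above for two conditions a defender cares about: a log that is missing, and a log that any local user can write to. The function name and the optional ROOT prefix argument are assumptions made for this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Security-relevant log paths, taken from the "Security" list above.
SECURITY_LOGS="/var/log/secure /var/log/btmp /var/log/wtmp /var/log/lastlog
/var/log/faillog /usr/local/cpanel/logs/cphulkd_errors.log /var/log/lfd.log"

# audit_logs [ROOT]
#   ROOT is an optional prefix (an assumption of this example) so the same
#   check can be run against a mounted disk image or a test tree.
#   Usage on a live server, as root:  audit_logs
audit_logs() {
    root="${1:-}"
    for p in $SECURITY_LOGS; do
        f="$root$p"
        if [ ! -e "$f" ]; then
            # A missing auth log can mean the service is not installed,
            # logging is misconfigured, or the file was deleted.
            echo "MISSING $p"
            continue
        fi
        mode=$(stat -c '%a' "$f")    # octal mode, e.g. 600
        owner=$(stat -c '%U' "$f")   # owning user name
        # The last octal digit is the "other" permission set; the values
        # 2, 3, 6 and 7 all include the write bit.
        case "$mode" in
            *[2367]) echo "WORLD-WRITABLE $p mode=$mode owner=$owner" ;;
            *)       echo "OK $p mode=$mode owner=$owner" ;;
        esac
    done
}
```

A WORLD-WRITABLE result means any local account could alter or truncate the login history that lastb, last and cPHulk reporting depend on.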

Tomcat:

1. General Startup, Shutdown & Error Logs:

Path : /usr/local/jakarta/tomcat/logs/catalina.err and /usr/local/jakarta/tomcat/logs/catalina.out

Description: Logs for Tomcat and all Tomcat-based applications.

 

General logs
Path : /var/log/messages
Description : General messages and system-related entries

Authentication log file path
Path : /var/log/auth.log
Description : Authentication logs

All logs related to kernel.
Path : /var/log/kern.log
Description : Kernel logs

All logs related to cron jobs.
Path : /var/log/cron.log
Description : Crond logs

All logs related to mails
Path : /var/log/maillog
Description : Mail logs

Qmail log file path
Path : /var/log/qmail/
Description : Qmail log directory (more files inside this directory)

Apache log file path
Path : /var/log/httpd/
Description : Apache access and error logs directory

Lighttpd log files.
Path : /var/log/lighttpd
Description : Lighttpd access and error logs directory

All logs related to the system boot process.
Path : /var/log/boot.log
Description : System boot log

MySQL log file path.
Path : /var/log/mysqld.log
Description: MySQL database server log file

All authentication logs.
Path : /var/log/secure
Description : Authentication log

All login records are saved under the below path.
Path : /var/log/utmp or /var/log/wtmp
Description : Login records file

Yum log file path.
Path : /var/log/yum.log
Description : Yum log files
