loader image
cPanel HostingLinux Operating System

How to Grep and Tail Logs of cPanel

Hostadvizor

The following documentation will be divided into two section
1. The location of log files of cPanel and WHM
2. The grep and tail command for the logs

Section 1:

  1. Access Log: /usr/local/cpanel/logs/access_log
  2. cPanel and WHM Error logs: /usr/local/cpanel/logs/error_log
  3. cPanel User Activities: /usr/local/cpanel/logs/session_log
  4. cPanel Account Creation/Deletion: /var/cpanel/accounting.log
  5. cPanel account’s MySQL Database: /var/log/mysqld.log
  6. ModSecurity Details: /var/log/apache2/modsec_audit.log
  7. Apache Application: /usr/local/apache/logs/error_log

Section 2:

  • To Display all the details from a particular log file. For example: below will show a log file of entire Apache logs
[root@server ~]# cat /usr/local/apache/logs/error_log

[Fri Dec 22 14:43:06.848136 2023] [hostinglimits:notice] [pid 16117] mod_hostinglimits: use Min UID 0
[Fri Dec 22 14:43:06.848178 2023] [hostinglimits:notice] [pid 16117] mod_hostinglimits: version 1.0-39. LVE mechanism enabled
  • To display a particular domain name, username, or context [Grep Command]
[root@server ~]# cat /usr/local/apache/logs/error_log | grep domain.com

[Sat Dec 23 13:59:49.329947 2023] [proxy_http:error] [pid 8273] [client 87.74.32.14:33109] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://cpcontacts.domain.com/
[Sat Dec 23 17:38:43.524732 2023] [security2:error] [pid 47711] [client 152.59.65.19:47080] [client 152.59.65.19] ModSecurity: Warning. Match of "contains %{SERVER_NAME}" against "REQUEST_HEADERS:Referer" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_4_wordpress.conf"] [line "2527"] [id "77316935"] [msg "IM360 WAF: Login attempt to WordPress with empty referer||User:domain||SC:/home/domain/public_html/wp-login.php||WPU:||T:APACHE||"] [severity "NOTICE"] [tag "wp_core"] [tag "noshow"] [hostname "domain.com"] [uri "/wp-login.php"] [unique_id "ZYbNvuZbaLzM-XbUogfoRQAAAAU"], referer: https://localhost:2083/
  • To generate live logs [Tail Command]
[root@server ~]# tail -f /usr/local/apache/logs/error_log

[Tue Dec 26 13:57:06.092162 2023] [hostinglimits:notice] [pid 255165] mod_hostinglimits: found apr extention version 3
[Tue Dec 26 13:57:06.092170 2023] [hostinglimits:notice] [pid 255165] mod_hostinglimits: apr_lve_environment_init_group_minuid check ok
[Tue Dec 26 13:57:06.092485 2023] [lsapi:notice] [pid 255165] mod_lsapi:  version 1.1-72 with CRIU support
  • To generate live logs in context with a domain name [grep and tail command combined]
[root@server ~]# tail -f /usr/local/apache/logs/error_log | grep domain.com

[Tue Dec 26 13:57:06.096418 2023] [:notice] [pid 697212] [host server.domain.com] mod_lsapi:  Selfstarter 697212 started

Leave a Reply

Your email address will not be published. Required fields are marked *

You cannot copy content of this page