Tag Archives: cpanel

cPanel Logs

Posted on by
Reply

How to view the logs

There are multiple ways to view log files, here are some common ways.

tail the log, shows the 10 most recent log entries.

tail /var/log/messages

tail the log and keep monitoring it for new entries.

tail -f /var/log/messages

Find specific info in log file

cat /var/log/messages | grep texttosearch

cPanel Log Paths

Main log

/var/log/messages

Access logs

/usr/local/cpanel/logs/access_log

Access logs for a specific domain

/home/user/access-logs/domainname.com

Account Transfers/miscellaneous logs

/var/cpanel/logs

Auditing Log (Account creation and deletions)

/var/cpanel/accounting.log

Backup Logs

/usr/local/cpanel/logs/cpbackup

CPHULKD Log

/usr/local/cpanel/logs/cphulkd.log

DNSAdmin, DNS Clustering

/usr/local/cpanel/logs/dnsadmin_log

Task Queue Processing Daemon

/usr/local/cpanel/logs/queueprocd.log

DBMapping

/usr/local/cpanel/logs/setupdbmap_log

Easy Apache Build logs

/usr/local/cpanel/logs/easy/apache/

Error logs

/usr/local/cpanel/logs/error_log
/var/log/cpanel

License log

/usr/local/cpanel/logs/license_log

local database modifications

/usr/local/cpanel/logs/build_locale_database_log

Login errors CPSRVD

/usr/local/cpanel/logs/login_log

Bandwidth History

/var/cpanel/bandwidth/{USERNAME}

Service Status Logs

/var/log/chkservd.log

Tailwatch log

/usr/local/cpanel/logs/tailwatch_log

Update Analysis Reporting

/usr/local/cpanel/logs/updated_analysis/{TIMESTAMP}.log

Update log UPCP

/var/cpanel/updatelogs/updated.{TIMESTAMP}.log

cPanel Email Logs

 

Horde log

/var/cpanel/horde/log/

RoundCube

/var/cpanel/roundcube/log/

Squirrel Mail

/var/cpanel/squirrelmail/

Panic log

/usr/local/cpanel/logs/panic_log

Delivery and receipt log

/var/log/exim_mainlog

Incoming mail queue

/var/spool/exim/input/

Log of messages rejected based on ACLS or other policies

/var/log/exim_rejectlog

Unexpected/Fatal error log

/var/log/exim_paniclog

IMAP, POP login attempts, transactions, fatal errors and spam scoring

/var/log/maillog

Mailman

/usr/local/cpanel/3rdparty/mailmain/logs

MySQL

MySQL error log

/var/lib/mysql/{SERVER_NAME}.err

MySQL slow query log (if enabled in my.cnf)

/var/log/slowqueries

How To “Unblock” an IP from cPHulk from the Command Line

Posted on by
Reply

cPHulk uses a MySQL database to keep track of different IP’s to block, white list, black list, etc.

When there have been X amount of failed login attempts from an IP, cPHulk adds an entry for the IP in the brutes table.

To “unblock” the IP we need to delete the entry.

open up the cPHulk MySQL database.

root@localhost [~]# mysql cphulkd

If your interested you can view all tables that cPHulk uses.

show tables;

Take a look at all the IP’s in the brutes table.

SELECT IP FROM brutes;

example:

mysql> SELECT IP FROM brutes;
+---------------+
| IP            |
+---------------+
| 30.134.41.221 |     <--  IP we want to unblock
| 31.134.40.251 |
+---------------+
2 rows in set (0.00 sec)

mysql>

To unblock the IP we just need to delete the row that has the IP address we want.

mysql> DELETE FROM brutes WHERE IP="30.134.41.221";

It should return the following.

mysql> DELETE FROM brutes WHERE IP="30.134.41.221";
Query OK, 1 row affected (0.00 sec)

mysql>

Exit MySQL.

mysql> exit
Bye
root@localhost [~]#