View Categories

How to obtain and read the Raw Access Logs in cPanel

3 min read

Introduction #

The “Raw Access Logs” feature of cPanel will allow you to download and read the access log for your website in its original form. This means that the logs will be extracted from the global web server logs and stored on your cPanel Web Hosting Account for further review and download. In the following lines of this tutorial, we will quickly review the “Raw Access Logs” feature so you can be fully aware of how to use it. 

Accessing the Raw Access Logs feature in cPanel #

Before you can access and use the “Raw Access Logs” feature, you will need to first login to the cPanel service. 

Once you see the default page of cPanel where all the features it has to offer are shown, you will need to locate the “Raw Access Logs” feature. You can do that by either using the Search tool provided at the top of the page or by locating the “Metrics” features group where the “Raw Access Logs” feature is located. 

Accessing the Raw Access Logs in cPanel

When you click on the feature cPanel will redirect you to a new page called “Raw Access“. This page will be considered and further referred to as the default page for the  “Raw Access Logs” feature. 

Configuring and Downloading Raw Access Logs #

At the top of the default page for the “Raw Access Logs” feature you will find a brief explanation of what this feature is used for. Right below that explanation, you should see the first section of settings called “Configure Logs“. cPanel provides you with the freedom to select how and when your logs will be generated. 

Configuring the Raw Access Logs in cpanel

The available options for you to choose from are:

  • Archive log files to your home directory after the system processes statistics. The system currently processes logs every 24 hours.
  • Remove the previous month’s archived logs from your home directory at the end of each month.

By default, both of these will be enabled meaning that the logs for the websites associated with your Web Hosting Account will be archived and stored into your Web Hosting Account’s home directory under the folder “logs” every 24 hours. Also, cPanel will clear the logs from the previous month preserving logs only for the current month. We strongly suggest that you should leave the configuration as it is since it is configured with its optimal parameters. 

The next section is where all the raw access logs can be downloaded. You should see a table view, representing all of your domains/subdomains. For each one of those, cPanel will provide you with the last update of the raw access log and also the Disk Usage of the log. To download a specific log, please click on the concrete domain/subdomain. 

Downloading raw access logs

The log will then start downloading in a compressed format for quicker download. Therefore, before you review the log, please bear in mind that you will need to extract it first. 

The last section is called “Archived Raw Logs” and it is used in case you have disabled the configuration for deletion of access logs. If that is the case, in this section you will find all the access logs for the previous months in an archived state ready to be downloaded. If not, only the access logs for the current month will be presented. 

Reading Raw Access Logs #

Now that you know where to download the access logs from, let’s review the content of the log. Immediately after the download of the log is finished you will have to open the log file. Please bear in mind that the file is not with .txt file extension. In fact, it does not have a file extension at all. However, you can open it with any text editing software like Notepad++ for example. 

Once opened, the log will contain each and every access entry of the chosen website. The log will contain lines of data, each with the following structure:

<IP ADDRESS> – – [DATE] “<TYPE OF REQUEST> <REQUESTED RESOURCE> <PROTOCOL VERSION>” <WEB SERVER RESPONSE STATUS CODE> <SIZE OF THE REQUEST> “-” “<USER AGENT>”

Here is an example:

22.33.44.55 – – [28/Jan/2019:12:55:44 +0000] “GET /administrator/index.php?option=com_config HTTP/1.1” 200 1925 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36”

Please bear in mind that the data is in raw format, meaning that the same is not structured in any way. Therefore reviewing and analyzing the data might be an overwhelming task sometimes, especially when there are a large number of log entries for you to read. 

Although hard for reading, the Raw Access Logs for your websites are the perfect representation of the access rate on your websites. Their main advantage is that you can easily use the tools of a simple text editor to search and extract visits on your website in order to identify either a user or a bot for example. In case you are facing difficulties obtaining or reading the access logs for your websites, please do not hesitate to contact our Technical Support Crew for further assistance on the matter. 

Powered by BetterDocs