The access logs, located at /usr/local/cpanel/logs/access_log, show information that may be useful to review in some circumstances as described in our article, How to interpret cPanel and WHM access logs.
Within our documentation, The cPanel & WHM Log Files, the following table exists to explain the syntax of cPanel and WHM access logs:
IP Address — The client’s IP address (for example,
User-identified — An unused user identification protocol field. cPanel & WHM log files always display one of the following values in this field:
proxyfor a service subdomain’s log files.
A dash (
-) for all other domain types.
User — A valid cPanel & WHM account name or an email address (for example,
Time — The date and time when the visitor accessed your website, in
MM/DD/YYYY:HH:MM:SS -ZZZZformat, where:
MMrepresents the month.
DDrepresents the date.
YYYYrepresents the year.
HHrepresents the hour.
mmrepresents the minute.
SSrepresents the second.
-zzzzrepresents the timezone, in UTC format. For example:
Client request — The web request that the client issued to the server (for example,
GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0).
HTTP Status — The result of the HTTP request (for example,
200). For more information, read Wikipedia’s List of HTTP status codes documentation.
Response Size — The size of the object returned to the client, in bytes (for example,
Referrer — The web address from which the visitor navigated to the resource (for example,
User Agent — The browser that the visitor used to access cPanel & WHM (for example,
Authentication method — The method that authenticated the request, where:
arepresents Access Key/Hash.
brepresents HTTP Basic Authentication.
srepresents Session cookie.
orepresents OpenID Connect. For example:
X-Forwarded-Forheader — The IP address of the client when the user makes a connection request via service subdomains (proxy domains) (for example,
Service port — The server port number that the client accessed in the request (for example,