This interface provides information about how to connect to another web server via the SSH (secure shell) network protocol.
The SSH network protocol allows you to connect to another web server over the internet via a command line interface (CLI). You can use this network protocol to remotely manage your server, configure CGI scripts, and perform other tasks.
If you are under a Cloud Hosting or Dedicated Server subscription, SSH is another way for you to be able to connect and manage your server.
Many Unix-based operating systems include standardized commands. For a list of standardized Unix-based (POSIX) commands, read the GNU Coreutils documentation.
Connect to your server via SSH
To use PuTTY to connect to your server via SSH, perform the following steps:
In the Session interface, enter the hostname or IP address of the server in the Host Name (or IP address) text box (for example, 192.0.2.0).
Enter the port number in the Port text box (for example, 22).
Select the SSH protocol.
Click Open.
Enter your cPanel account’s username.
Enter your cPanel account’s password.
PuTTY and a private key
To log in to a server via SSH with PuTTY and a public key, perform the following steps:
From the Windows Start menu, open the client.
Navigate to the PuTTY Key Generator interface.
Under the Actions heading, click Generate. PuTTY will generate the key and display the result under the Key menu.
Copy the public key and paste it in the .ssh/authorized_keys file.
Enter a passphrase in the Key passphrase and Confirm passphrase text boxes.
Click Save private key and save the key as a .ppk file.
In the Session interface, from the Saved Sessions menu, select your preferred authorization session and click Load.
Navigate to the Auth interface under the SSH category.
Click Browse, select the private key file to upload, and click Open.
Navigate to cPanel’s Manage SSH Keys interface (Home >> Security >> SSH Access >> Manage SSH Keys) and import the server’s keys.
Manage SSH keys
This section of cPanel’s SSH Access interface allows you to create, import, manage, and remove SSH keys. The system will use these keys when you confirm that a specific computer has the right to access your website’s information with SSH.
Generate a New Key
Use this section of the interface to create new SSH key pairs, which include a public key and a private key.
To generate a new SSH key pair, perform the following steps:
Click Manage SSH Keys.
Click Generate a New Key.
To use a custom key name, enter the key name in the Key Name (This value defaults to id_rsa): text box. Note:If you use a custom key name, you must manually specify the SSH key when you log in to the server.
Enter and confirm the new password in the appropriate text boxes. Note:
This step is optional if your hosting provider sets the SSH Keys setting to 0 in WHM’s Password Strength Configuration interface (WHM >> Home >> Security Center >> Password Strength Configuration).
The system evaluates the password that you enter on a scale of 100 points. 0 indicates a weak password, while 100 indicates a very secure password.
Some web hosts require a minimum password strength. A green password Strength meter indicates that the password is equal to or greater than the required password strength.
Click Password Generator to generate a strong password. For more information, read our Password & Security documentation.
Select the desired key type.
DSA keys provide quicker key generation and signing times.
RSA keys provide quicker verification times.
Select the desired key size. Note:Greater key sizes provide more security, but they result in larger file sizes and slower authentication times.
Click Generate Key. The interface will display the saved location of the key. Important:For the new SSH key to function, you must authorize the SSH key. For more information, read the Manage your keys section.
Import Key
To import an existing SSH key, perform the following steps:
Click Manage SSH Keys.
Click Import Key.
To use a custom key name, enter the key name in the Choose a name for this key (defaults to id_dsa) text box. Important:If you use a custom key name, you must manually specify the SSH key when you log in to the server.
Paste the public and private keys into the appropriate text boxes.
Click Import.
Manage your keys
The Public Keys and Private Keys tables display the following information about your existing keys:
Name — The key’s name. Public and private keys use the same key name.
Authorization Status — Whether you authorized the key. Important:You must authorize new keys before you attempt to use them.Note:This column only displays in the Public Keys table.
Actions — You can perform the following actions:
Delete Key — Click to delete the key, and then click Yes to confirm that you wish to delete the key.
View/Download — Click to view or download the key. To download the key, save the contents of the Public SSH Key text box to your computer.
Manage — Click to manage authorization for the key. A new interface will appear. Click Authorize to authorize the key, or Deauthorize to revoke authorization for the key. Note:
You can only perform this action for public keys.
After you deauthorize a key, that key’s users cannot log in with the associated private key.
In this chapter, we will discuss about the cPanel statistics and the dashboard along with a few examples and screenshots for better understanding.
cPanel Statistics
The statistics interface of cPanel shows quick statistics of your cPanel account. It includes several types of information shown below. You will find this information in cPanel statistics.
General − It will show you the amount of bandwidth allotted to your account and also the amount of bandwidth, which is used by you. It will also show you the FTP accounts available in your cPanel account. It will also show the information of your Home directory and the IP address, from which you logged in last time. You can click on the Server Information to view the detailed information of your server.
Domain Info − In the next box, it will show you the information of main domain and the number of add-on domains, subdomains and aliases you have created.
Mail Info − This section will show the information about your emails. It will tell you how many email accounts, Autoresponder Forwarders and Filters you have created along with the total number of resource allotted.
Disk Space − In this section, the total disk space of your account is shown and also the amount of space used by MySQL database is shown along with total amount of space allotted to your account and MySQL database.
Database − This section shows the info of total number of databases you have created along with the total number of database you can create.
System Information − In this section, the statistics cPanel shows you the information of your system with total CPU usage, virtual and physical memory that is being used. It also displays information of the process you are running, the Input and Output uses and also it displays number of nodes, which means the number of files.
Your cPanel version and other server information can also be viewed in your cPanel home.
This can be found in your cPanel’s right side and click Server Information:
NGINX is a web server, load balancer, and reverse caching proxy. Like all web servers, it accepts HTTP requests and responds with HTML documents. NGINX was developed in response to perceived weaknesses in the way Apache handled network connections and requests.
Initially, Apache operated on a process-per-connection model, spawning a process for every web request. Each process was tied to a specific request and consumed a significant chunk of the host server’s resources, particularly memory. That model worked well on the early web, but modern web servers are expected to handle hundreds of concurrent connections, rapidly consuming the server’s resources.
NGINX, in contrast, has an asynchronous event-driven architecture. A master process controls worker processes, which respond to events, typically new connections, and each worker can handle multiple connections. Because workers are non-blocking, they respond to events as they occur, processing requests in turn rather than being dedicated to a single connection.
In recent years, especially with the release of Apache 2.4, Apache’s developers have worked to improve performance with new multi-processing models (MPMs), such as worker MPM and event MPM. MPMs help improves overall resource consumption, but Apache can still become resource-constrained when asked to handle too many requests.
Is NGINX Better Than Apache?
There is no simple answer to which web server is better; the only appropriate response is to ask: better for what? The differences in how Apache and NGINX are designed have implications that impact their features and performance.
NGINX is undoubtedly faster at serving static content, and benchmarks show that NGINX serves static files almost twice as fast while consuming less memory. However, NGINX cannot serve dynamic content and relies on external programs to handle the processing, whereas Apache uses internal modules. Benchmarks show that Apache and NGINX response times and concurrency handling for dynamic content are approximately equal, depending on the specifics of the scenario.
Because Apache is extensible with modules, it is easy for web hosts to add new modules to control Apache’s behavior. NGINX is configurable, but it lacks the extensibility of Apache. Adding new features to NGINX often requires recompiling, making it difficult to activate and deactivate functionality on the fly.
cPanel with NGINX as a Reverse Proxy
In addition to being a web server, NGINX is also a powerful reverse proxy and cache. A reverse proxy sits between the client (a web browser) and the server—in this case, Apache, accepting connections from the client and passing them on to the server.
When used as a reverse proxy, NGINX is very fast at serving static content while passing dynamic content onto Apache. Additionally, NGINX can act as a cache for Apache. When used as a caching mechanism, NGINX caches dynamic content for Apache and responds directly to future requests for the same content. Using NGINX with cPanel as a reverse caching proxy can substantially increase performance and reduce server load.
It is possible to manually install NGINX with Apache on a cPanel server, but installing Engintron is a faster and easier process. Engintron is a cPanel app that integrates NGINX with your cPanel server. When installing Engintron, it configures NGINX as a reverse caching proxy for static files with a caching layer for dynamic content from software such as WordPress or Magento. Utilizing cPanel’s ea-nginx script will also create a reverse proxy; however, it does not set up a caching layer for dynamic content.
CloudLinux was released to the market in 2010. Today, it is a must-have for any web host who cares about stability, security, and churn. It is used by more than 2,000 hosting companies on 20,000+ servers. CloudLinux is interchangeable with CentOS so any SysAdmin will feel right at home. Yet, it was specifically optimized for shared hosting. Web hosts that use CloudLinux report higher uptime, significant improvements in density (as much as 5x), 4x decrease in number of reboots, and 10x decrease in number of account suspension they have to perform. It has also produced a significant decrease in churn for a number of customers.
The software specifically made for web hosts running cPanel control panel with multiple accounts. If you are a shared host, or a design company that has to host sites on behalf of the client – CloudLinux is your friend.
CloudLinux + cPanel =
Improved stability by limiting the resources any single user can consume In shared hosting, the most common reason for downtime is a single account slowing down other accounts on the server. Using cPanel & WHM software with CloudLinux utilizes innovative Lightweight Virtual Environment (LVE) technology, improving the density and stability of your shared hosting environment for all tenants.
Advanced server security With unique CageFS technology, CloudLinux encapsulates each customer, preventing users from seeing each other and viewing sensitive information. It also prevents a large number of attacks, including most privilege escalation and information disclosure attacks.
Increased server efficiency By monitoring and containing resource spikes, CloudLinux eliminates the need to leave server resources idle, providing you with the ability to host twice as many accounts on your cPanel & WHM server.
Multiple PHP versions Using CloudLinux together with cPanel & WHM software gives your customers with the flexibility to choose the PHP version that they need.
Hardened kernel The shared hosting environment is unlike any other and the CloudLinux kernel takes that into account. It can protect against symlink attacks and trace exploits, while restricting the visibility of ProcFS to only what is necessary — making your cPanel & WHM servers more secure.
This document describes the location of some the common log files in cPanel & WHM, Webmail, and MySQL®. This document also provides examples of each log file. If you have a self-managed Cloud Hosting or Dedicated Server Hosting, this article can help you with managing your server.
General
/var/log/messages
This file contains the login attempts and general error messages for the following services:
MyDNS Warning:We deprecated the MyDNS and NSD nameservers in cPanel & WHM version 78 and plan to remove them a future release. We strongly recommend that you migrate to PowerDNS. For more information, read our cPanel Deprecation Plan documentation.
PowerDNS
NSD
The SSH daemon (sshd).
The Courier mail server. Warning:We removed the Courier mail server in cPanel & WHM version 54. The Courier mail server only exists for cPanel & WHM version 11.52 and earlier.
This file contains the login attempts for the SSH daemon (sshd).
1 2 3 4 5 6
Jul 5 08:50:04 colin sshd[29856]: Accepted password for root from 10.7.6.162 port 57893 ssh2 Jul 5 08:50:05 colin sshd[29856]: pam_unix(sshd:session): session opened for user root by (uid=0) Jul 5 15:00:17 colin sshd[29856]: Received disconnect from 10.7.6.162: 11: disconnected by user Jul 5 15:00:17 colin sshd[29856]: pam_unix(sshd:session): session closed for user root Jul 6 07:57:10 colin sshd[24129]: Accepted password for root from 10.7.6.162 port 55983 ssh2 Jul 6 07:57:10 colin sshd[24129]: pam_unix(sshd:session): session opened for user root by (uid=0)
cPanel & WHM services
/home/username/.cpanel/logs
This directory contains records of errors within a user’s task queue.
1 2
Processing /home/username/example... Already had it.
/usr/local/cpanel/logs/access_log
This file contains records of when a cPanel & WHM user accesses their account.
The system displays these records in a standardized text format, called the Common Log Format. Each line displays log information in the following syntax:
IP Address — The client’s IP address (for example, 192.168.0.20).
User-identified — An unused user identification protocol field. cPanel & WHM log files always display one of the following values in this field:
proxy for a service subdomain’s log files.
A dash (-) for all other domain types.
User — A valid cPanel & WHM account name or an email address (for example, skipperdan).
Time — The date and time when the visitor accessed your website, in MM/DD/YYYY:HH:MM:SS -ZZZZ format, where:
MM represents the month.
DD represents the date.
YYYY represents the year.
HH represents the hour.
mm represents the minute.
SS represents the second.
-zzzz represents the timezone, in UTC format. For example: 10/21/1985:16:42:23 -0000
Client request — The web request that the client issued to the server (for example, GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0).
HTTP Status — The result of the HTTP request (for example, 200). For more information, read Wikipedia’s List of HTTP status codes documentation.
Response Size — The size of the object returned to the client, in bytes (for example, 1500).
Referrer — The web address from which the visitor navigated to the resource (for example, ftp://cpanel.com).
User Agent — The browser that the visitor used to access cPanel & WHM (for example, Safari).
Authentication method — The method that authenticated the request, where:
a represents Access Key/Hash.
b represents HTTP Basic Authentication.
s represents Session cookie.
o represents OpenID Connect. For example: s
The X-Forwarded-For header — The IP address of the client when the user makes a connection request via service subdomains (proxy domains) (for example, X-Forwarded: for:192.0.2.60).
Service port — The server port number that the client accessed in the request (for example, 2083).
This file contains information about when a user edits a locale.
1 2
[2014-09-28 02:55:26 -0500] info [build_locale_databases] Finished updating and modifying locales databases [2014-09-29 02:54:16 -0500] info [build_locale_databases] Begin update of locale databases
[2015-11-18 14:38:51 -0600] info [cpdavd] 162.158.64.218 NEW _dav_:mUG2YFqewzo7GzVm app=cpdavd - accepting connections on 2077 2078 2079 and 2080,method=/usr/local/cpanel/libexec/cpdavd:main [2015-11-18 14:38:51 -0600] info [cpdavd] 162.158.64.216 NEW _dav_:m9MlWdxVqpyemmP6 app=cpdavd - accepting connections on 2077 2078 2079 and 2080,method=/usr/local/cpanel/libexec/cpdavd:main [2015-11-18 14:38:51 -0600] info [cpdavd] 162.158.64.218 NEW _dav_:YZEJy7lEsXSxyz3Y app=cpdavd - accepting connections on 2077 2078 2079 and 2080,method=/usr/local/cpanel/libexec/cpdavd:main
/usr/local/cpanel/logs/cpgreylistd.log
This file contains the Greylisting daemon’s (cpgreylistd) activity logs.
1 2
[2015-10-30 11:05:39 -0500] info [cpgreylistd] Purged old records from DB. Record(s) removed: 0 [2015-10-30 12:05:39 -0500] info [cpgreylistd] Purged old records from DB. Record(s) removed: 0
[2015-08-26 12:14:29 -0500] info [cphulkd] 221257 The system encountered an error while processing a request: Broken pipe [2015-08-26 12:14:29 -0500] info [cphulkd] 221262 The system encountered an error while processing a request: Broken pipe
/usr/local/cpanel/logs/cphulkd.log
This file contains the cphulkd daemon’s activity logs.
1 2
[2015-10-20 03:27:14 -0500] info [cphulkd] 258355 processor shutdown via SIGTERM with pid 258355 [2015-10-20 03:27:44 -0500] info [cphulkd] 131586 processor startup with pid 131586
/usr/local/cpanel/logs/cpwrapd_log
This file contains the cPanel & WHM service manager daemon’s (cpsrvd) activity logs.
1 2
[1985-10-21 10:18:11 -0500] info [cpsrvd] user - [action]=[fetch] [function]=[SORTEDRESELLERSUSERS] [module]=[reseller] [namespace]=[Cpanel] [version]=[2.3] [2015-10-21 10:18:11 -0500] info [cpsrvd] user - [action]=[run] [function]=[HASDIGEST] [module]=[security] [namespace]=[Cpanel] [version]=[2.3]
/usr/local/cpanel/logs/dnsadmin_log
This file contains dnsadmin request logs.
1 2
[2015-10-21 13:33:19 -0500] info [dnsadmin] Reset reseller cache 'domain1'. [2015-10-21 13:33:19 -0500] info [dnsadmin] Reset reseller cache 'example'.
/usr/local/cpanel/logs/error_log
This file contains general cPanel & WHM errors (for example, a fatal error or timeout occurred while processing this directive error).
1 2
Cpanel::Exception::new("Cpanel::Exception::ModSecurity::VendorUpdateUnnecessary", HASH(0x13222cb8)) called at /usr/local/cpanel/Cpanel/Exception.pm line 57 Cpanel::Exception::create("ModSecurity::VendorUpdateUnnecessary", HASH(0x13222cb8)) called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 285
/usr/local/cpanel/logs/incoming_http_requests.log
This file contains the logs of connection requests to the cPanel account’s server.
This file contains the server’s license update logs and license errors.
1 2 3
Thu Oct 29 19:11:05 2015: Using full manual DNS resolution Thu Oct 29 19:11:05 2015: Trying server 192.168.0.20 Thu Oct 29 19:11:05 2015: Server 192.168.0.20 on port 2089 returned:
/usr/local/cpanel/logs/login_log
This file contains the login attempts to the cpsrvd daemon.
1 2 3
192.168.0.20 - user [07/10/2013:18:43:00 -0000] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password hash is missing from system (user probably does not exist) 192.168.0.21 - user [07/10/2013:18:43:14 -0000] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password hash is missing from system (user probably does not exist) 192.168.0.22 - user [07/15/2013:16:21:50 -0000] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect
This file contains information about each time that Apache restarted on the server.
1 2
[2015-10-20 03:23:07 -0500] info [safeapacherestart] Restart elapsed seconds: 2 [2015-10-30 12:57:47 -0500] info [safeapacherestart] Restart elapsed seconds: 5
/usr/local/cpanel/logs/session_log
This file contains logs of a user’s activities while they are logged in to the cPanel account.
1 2
[2015-10-29 09:27:35 -0500] info [cpsrvd] 12.3.14.75 NEW root:tvf32S0eomRni4nplg7OMXgj1kS8Jx3jhSeccZPRyHwsMIENmyhcxE17NCBDllTk address=12.3.14.75,app=whostmgrd,creator=root,method=handle_form_login,path=form,possessed=0 [2015-10-30 12:24:06 -0500] info [cpsrvd] 14.2.19.78 NEW user:TIg1FiIdR6eTnKtYr7VmYGKpYB9srb0yvjHkkA1PeYOB6Y2naymPktSsjAob3pX0 address=14.2.19.78,app=cpaneld,creator=user,method=handle_form_login,path=form,possessed=0
/usr/local/cpanel/logs/setupdbmap_log
This file contains the cPanel account’s database-related activities.
1 2 3 4
[2014-05-06 02:57:08 -0500] info [setupdbmap] Begin setupdbmap [2014-05-06 02:57:08 -0500] info [setupdbmap] Updating MySQL users [2014-05-06 02:57:09 -0500] info [setupdbmap] Processing MySQL databases and database users ... [2014-05-06 02:57:09 -0500] info [setupdbmap] Finished with MySQL users
/usr/local/cpanel/logs/stats_log
This file contains the bandwidth statistics for all of the server’s cPanel accounts.
1 2 3
[2015-10-30 12:12:30 -0500] Process bandwidth for domain1 [2015-10-30 12:12:30 -0500] Process bandwidth for domain2 [2015-10-30 12:12:30 -0500] Process bandwidth for domain3
[131557] [2015-10-30 13:00:00 -0500] [Cpanel::TailWatch::Eximstats] Resetting email limits to new starttime of 1446228000 [131557] [2015-10-30 14:00:00 -0500] [Cpanel::TailWatch::Eximstats] Resetting email limits to new starttime of 1446231600
/usr/local/cpanel/logs/panic_log
This file contains a cPanel account’s severe error logs.
/usr/local/cpanel/logs/php-fpm/error.log
This file contains PHP-FPM implementation errors. These errors include errors for the cpsrvd and cpdavd services.
Note:
This file does not include errors for customer sites.
1 2 3 4 5 6
[06-Nov-2015 08:52:18] ERROR: [pool no] please specify user and group other than root [06-Nov-2015 08:52:18] ERROR: FPM initialization failed [06-Nov-2015 08:55:32] ERROR: [pool no] please specify user and group other than root [06-Nov-2015 08:55:32] ERROR: FPM initialization failed [06-Nov-2015 08:57:52] ERROR: [pool no] please specify user and group other than root [06-Nov-2015 08:57:52] ERROR: FPM initialization failed
/var/cpanel/php-fpm/USER/logs/slow.log
This file contains scripts that run unusually slow for a user.
Note:
USER represents the cPanel account name.
/var/cpanel/php-fpm/USER/logs/error.log
This file contains the user’s error logs.
Note:
USER represents the cPanel account name.
1 2 3 4 5 6
[15-Oct-2015 16:58:14 America/Chicago] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 6689761 bytes) in Unknown on line 0 [15-Oct-2015 17:10:33 America/Chicago] PHP Fatal error: Call to a member function write() on a non-object in /usr/local/cpanel/3rdparty/php/54/lib/php/Horde/Imap/Client/Socket.php on line 4336 [23-Oct-2015 16:21:19 America/Chicago] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 72 bytes) in /usr/local/cpanel/base/3rdparty/squirrelmail/functions/imap_messages.php on line 204 [25-Oct-2015 13:01:16 America/Chicago] PHP Fatal error: Call to a member function write() on a non-object in /usr/local/cpanel/3rdparty/php/54/lib/php/Horde/Imap/Client/Socket.php on line 4336 [11-Nov-2015 17:24:29 America/Chicago] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 32 bytes) in /usr/local/cpanel/base/3rdparty/squirrelmail/functions/imap_messages.php on line 204 [30-Nov-2015 14:06:07 America/Chicago] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 72 bytes) in /usr/local/cpanel/3rdparty/php/54/lib/php/Horde/Imap/Client/Cache/Backend/Cache.php on line 493
/var/cpanel.bandwidth.cache
This file contains the cached bandwidth history for each cPanel account on your server.
1 2 3 4
bucktopia.com xtest1 domain1 domain4
/var/cpanel/accounting.log
This file contains records of cPanel account actions, such as creation and deletion.
1 2
Thu Jun 11 13:33:19 2015:ADDRESELLER:root:root:example.com:example Fri Oct 30 12:57:29 2015:CHANGEOWNER:root:root:example.com:example:root:example
2015-12-4 08:27:23 refused relay (host) to <[email protected]> from <[email protected]> H=113-43-173-020.user.example.net (smtp.example.com) [192.168.0.20]
/var/log/exim_paniclog
This file contains Exim’s severe error logs.
Warning:
This file should not contain any entries. If this file contains entries, thoroughly investigate the entries and contact your hosting provider.
/var/log/maillog
This file contains IMAP and POP3 login attempts, transactions, fatal errors, and Apache SpamAssassin™ scores.
1 2
Nov 3 10:21:30 vm5 dovecot: imap-login: Login: user=<__cpanel__service__auth__imap__orpl7flalajte5t7ahgq2joard0s3szcmltatifzmb_iqv...>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=735381, secured, session=<1adZSaUjRwB/AAAB> Nov 3 10:21:30 vm5 dovecot: imap(__cpanel__service__auth__imap__orpl7flalajte5t7ahgq2joard0s3szcmltatifzmb_iqvmragspbfcr3dkrhmzd
Directories
/var/spool/exim/input
This directory contains a log of queued incoming email messages. The system separates these logs in to subdirectories that correspond to the number or letter with which the sender’s name begins.
This directory contains the account’s Mailman logs.
./ ../ bounce error locks mischief post qrunner smtp smtp-failure subscribe vette
Memory usage
/var/log/dcpumon/YYYY/MMM/DD
This file contains information about the processes that consume the most CPU and memory.
YYYY represents a subdirectory that contains a process’s logs by month.
MMM represents a subdirectory within the YYYY directory that contains a process’s logs for each day of a month.
DD represents a subdirectory that contains a process’s log for a specific day of the month.
Note:
To interpret the data, use the /usr/local/cpanel/bin/dcpumonview file.
1 2 3 4 5 6 7
ximstats=0=0=0.456462908976875=0.002==0.001==0= mailman=0.0664235356972792=5.17983251838002=0=12.0=/usr/local/cpanel/3rdparty/bin/python -S /usr/local/cpanel/3rdparty/mailman/cron/checkdbs=6.5=[python]=0.5=crond mailnull=0=0.0561016968838195=0=0.002==0.001==0= mysql=0=8.99548891392477=0=0.002==0.001==0= named=0=0.311152278191386=0=0.002==0.001==0= nobody=0=2.77735281478296=0=0.002==0.001==0= root=5.87086377309829=24.591731611285=2=90.5=/usr/lib/rpm/rpmd --rebuilddb --verbose --verbose --verbose=43.0=cpanellogd - waiting for child to process logs=41.0=/usr/bin/python /usr/sbin/statsnotifer check-admin
/var/log/munin
This file contains the account’s Munin logs. Munin is a plugin that displays information about CPU, Exim, Apache, MySQL usage, and other information with the rrdtool utility.
1 2 3
munin-html.log munin-limits.log munin-update.log
MySQL
/var/log/mysqld.log
This file contains information about the cPanel account’s MySQL databases and errors in MySQL 5.7 and later and MariaDB 10.3 and later.
Note:
HOSTNAME represents the server’s hostname.
1 2 3 4 5 6
151030 2:57:10 [Note] InnoDB: Waiting for purge to start 151030 2:57:10 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.26-74.0 started; log sequence number 145713856 151030 2:57:10 [Note] Plugin 'FEEDBACK' is disabled. 151030 2:57:10 [Note] Server socket created on IP: '::'. 151030 2:57:11 [Note] /usr/sbin/mysqld: ready for connections. Version: '10.0.22-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 3306 MariaDB Server
/var/lib/mysql/HOSTNAME.err
This file contains information about the cPanel account’s MySQL databases and errors in MySQL 5.6 and earlier and MariaDB 10.2 and earlier.
Note:
HOSTNAME represents the server’s hostname.
1 2 3 4 5 6
151030 2:57:10 [Note] InnoDB: Waiting for purge to start 151030 2:57:10 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.26-74.0 started; log sequence number 145713856 151030 2:57:10 [Note] Plugin 'FEEDBACK' is disabled. 151030 2:57:10 [Note] Server socket created on IP: '::'. 151030 2:57:11 [Note] /usr/sbin/mysqld: ready for connections. Version: '10.0.22-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 3306 MariaDB Server
Webservers
Apache
Note:
If your system manages many domains, we recommend that you enable piped logging to reduce the number of log files that Apache manages. Piped logging allows you to pipe Apache access logs to a separate process so that Apache does not need to restart every time that it processes the logs.
You can enable piped logging in the Piped Log Configuration section of WHM’s Apache Configuration interface (WHM >> Home >> Service Configuration >> Apache Configuration).
As of cPanel & WHM version 74, we enable piped logging by default on new installations of cPanel & WHM.
/usr/local/apache/domlogs/username
This directory contains the log data for the user’s account, which exists on a webserver that runs EasyApache 3.
Note:
We removed EasyApache 3 in cPanel & WHM version 78. For more information, read the cPanel Deprecation Plan.
The system creates this directory when the cPanel Log Rotation Configuration (cpanellogd) daemon compresses and archives the data that resides in the /usr/local/apache/domlogs/domain-ssl_log and the /usr/local/apache/domlogs/domain files. This process begins when the /usr/local/cpanel/scripts/upcp script runs and the system analyzes the log data.
Note:
You can also perform this process for individual users with the /usr/local/cpanel/scripts/runweblogs command.
The system also performs the following actions:
Adds a link to the /usr/local/apache/domlogs/username directory in the /home/username/access_logs directory.
Adds a symlink to the log data backup file in the user’s /home/username/logs directory during the archive process.
This symlink allows you to access this file while the system archives the file.
The symlink’s name reflects the log file’s name, and may contain a .bkup file extension.
Note:
domain represents a domain on the cPanel account.
username represents the cPanel account’s username.
This file contains the log information for ModSecurity®.
Important:
If the Apache MPM_ITK module or Mod_Ruid2 is enabled, you can access the logs in the /usr/local/apache/modsec_audit/user directory.
1
ModSecurity: Audit log: Failed to lock global mutex: Identifier removed [hostname "www.somedomain.co.uk"] [uri "/index.<a href="http://endlessgeek.com/glossary/php/" title="Glossary: PHP" data-tooltip="PHP Hypertext Processor - originally Personal Home Page" class="glossaryLink ">php</a>"] [unique_id "U61fRE1KBCIADWZddE8AAAAP"]
/var/log/apache2/suexec_log
This file contains information about suEXEC audit logs. This is useful, for example, to diagnose internal server errors that do not produce relevant information in the error log.
Note:
You can also view Apache’s error logs in cPanel’s Errors interface (cPanel >> Home >> Metrics >> Errors).
1
[Wed Nov 04 09:55:01 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "35"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5): Request Missing a User Agent Header"] [tag "Host: "] [hostname "example.com"] [uri "/whm-server-status"] [unique_id "VjoqVQoBZCMAA7qYOM4AAAAF"]
/var/log/apache2/suphp_log
This file contains information about the suPHP Apache module audit logs. This is useful, for example, to diagnose internal server errors that do not produce relevant information in the error log.
This feature displays a list of the server’s monitored services. Items that are currently functional display a checkmark icon ().
Service Status
This section of the interface lists all of the server’s monitored services, their current version, and their status.
Select the services that you wish to monitor in the Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).
You must install any plugin services before you can select them from the server’s list of monitored services.
The server profile that you select in WHM’s Server Profile interface (WHM >> Home >> Server Configuration >> Server Profile) affects which services appear in this interface.
The interface will display one of the following statuses:
up — The service is running or operational.
down — The service is not running or non-operational.
pending — The system is waiting to determine the status of the service. Note:The pending status indicates that the system has temporarily suspended monitoring for the service. The system uses this status during service restarts or installations.
cPanel & WHM servers monitor the following services by default:
clamd
cpanel-dovecot-solr
cpanellogd
cpdavd
cpsrvd
crond
exim
ftpd
httpd
imap
ipaliases
named
pop
queueprocd
rsyslogd
spamd
sshd
System Information
This section of the interface lists the server’s load, the current memory used, and the current swap space used and the status for these items.
Disk Information
This section of the interface lists the disk devices, their mount points, their current usage, and their status.
This interface displays information about your hardware configuration, such as the speed of your processor.
Server Information
The interface displays the server’s information in the following six sections:
Processor Information — This section displays specific information about your processor, which includes the vendor, the type of processor, speed, and cache size.
Memory Information — This section displays information about your server’s RAM consumption. Note:Red Hat® systems may display the following message under the Memory Information heading: Memory for crash kernel (0x0 to 0x0) notwithin permissible range. This is a common error that you can safely ignore.
System Information — This section displays your server’s operating platform (for example, Linux), hostname, manufacture date, and chipset.
Physical Disks — This section displays information about your hard disks and CD or DVD-ROM drives.
Current Memory Usage — This section displays the amount of RAM that your server currently uses.
Current Disk Usage — This section displays information about the amount of hard drive space that your server currently uses.
).
