Learn cPanel

Controlling your Web Hosting Account has never been that easy thanks to cPanel web Control Panel!

• Last Updated: 01/28/2020
• ( 5 minutes reading )

How to obtain and read the Raw Access Logs in cPanel

Introduction

The "Raw Access Logs" feature of cPanel will allow you to download and read the access log for your website in its original form. This means that the logs will be extracted from the global web server logs and stored on your cPanel Web Hosting Account for further review and download. In the following lines of this tutorial, we will quickly review the "Raw Access Logs" feature so you can be fully aware of how to use it. 

 

Accessing the Raw Access Logs feature in cPanel

Before you can access and use the "Raw Access Logs" feature, you will first need to log into your cPanel service

Once you see the default page of cPanel where all the features it has to offer are shown, you will need to locate the "Raw Access Logs" feature. You can do that by either using the Search tool provided at the top of the page or by locating the "Metrics" features group where the "Raw Access Logs" feature is located. 

 

raw-access-logs

 

Once you locate the feature, please click on it. Doing so will cause cPanel to redirect you to a new page called "Raw Access". This page will be considered and further referred to as the default page for the  "Raw Access Logs" feature. 

 

Configuring and Downloading Raw Access Logs

At the top of the default page for the "Raw Access Logs" feature, you will find a brief explanation of what this feature is used for.

Right below that explanation, you should see the first section of settings called "Configure Logs." cPanel allows you to select how and when your logs will be generated. 

 

configure-logs-options

 

The available options for you to choose from are:

  • Archive log files to your home directory after the system processes statistics. The system currently processes logs every 24 hours.
  • Remove the previous month’s archived logs from your home directory at the end of each month.

By default, both of these will be enabled meaning that the logs for the websites associated with your Web Hosting Account will be archived and stored into your Web Hosting Account's home directory under the folder "logs" every 24 hours.

Also, cPanel will clear the logs from the previous month preserving logs only for the current month. We strongly suggest that you should leave the configuration as it is since it is configured with its optimal parameters. 

The next section of the "Raw Access Log" functionality is where all the raw access logs can be downloaded. You should see a table section view representing all of your domains/subdomains.

For each one, cPanel will provide you with the last update of the raw access log and also the Disk Usage of the log. To download a specific log, please click on the domain/subdomain you want to review the logs for. 

 

download-logs

 

The log will then start downloading in a compressed format for quicker download. Therefore, before you review the log, please bear in mind that you will need to extract it on your device first. 

 

The last section is called "Archived Raw Logs" and it is used in case you have disabled the configuration responsible for the raw access log deletion.

If that is the case, in this section you will find all the access logs from the previous months in an archived state ready to be downloaded. If not, only the access logs for the current month will be presented. 

 

Reading Raw Access Logs

Now that you know where to download the access logs, let's review the content of the log and shed some light in regards to how you can draw information from it.

Immediately after the download of the log is finished, you will have to open the log file. Please bear in mind that the file is not with .txt file extension. In fact, it does not have a file extension at all. However, you can open it with any text editing software like Notepad++ for example. 

Once opened, the log will contain each and every access entry of the chosen website. The log will contain lines of data, each with the following structure:

 

<IP ADDRESS> - - [DATE] "<TYPE OF REQUEST> <REQUESTED RESOURCE> <PROTOCOL VERSION>" <WEB SERVER RESPONSE STATUS CODE> <SIZE OF THE REQUEST> "-" "<USER AGENT>"

 

Here is an example:

 

45.196.45.13 - - [10/Jul/2024:19:34:15 +0200] "GET / HTTP/1.1" 200 3601 "http://blog.hostarmadatutorials.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"

 

Please bear in mind that the data is in raw format, meaning that the same is not structured in any way. Therefore reviewing and analyzing the data might be an overwhelming task sometimes, especially when there are a large number of log entries for you to read. 

 

Although hard to read, the Raw Access Logs for your websites are the perfect representation of the access rate on your websites. Their main advantage is that you can easily use the tools of a simple text editor to search and extract visits on your website in order to identify either a user or a bot for example. In case you are facing difficulties obtaining or reading the access logs for your websites, please do not hesitate to contact our Technical Support Crew for further assistance on the matter. 

...
Nikola Zgurev
Technical Support Captain

Nikola is an accomplished tech-savvy extraordinaire with over six years of experience in the web hosting field. He started as a customer care representative and quickly rose the ranks to become a support supervisor and, eventually - the head of the technical department in HostArmada. His deep understanding of the client's needs, combined with his technical knowledge, makes him the perfect man to create the ideal harmony between client satisfaction and professional problem-solving. You will often find him creating helpful tutorials, articles, and blog posts that help existing customers get around.