You are currently viewing Raw Access Logs in cPanel: Everything You Need to Know

Raw Access Logs in cPanel: Everything You Need to Know

Using the raw access logs function in cPanel, you can configure and download your web site’s raw log files for your analysis. Raw access logs contain information about all the visitors to your website.In this article we are going to discuss everything about Raw Access logs in cpanel.

This blog is a part of our cPanel server management services where we make sure your cPanel server works efficiently with any issues.

Understanding Raw Access Logs

Raw Access Logs allow you to see visitors on your website without displaying graphs, charts, or other graphics. You can use the Raw Access Logs menu to download a zipped version of the server’s access log for your site. This can be very useful when you want to quickly see who has visited your website.You can configure cPanel to delete the previous month’s archived log files also.After you have downloaded and decompressed the archived log file to your computer, you can view it in any text editor.

Accessing the Raw Access Logs feature in cPanel

Before you can access and use the “Raw Access Logs” option, you need to first login to the cPanel service. Once you see the default page of cPanel where all the features you see, you will need to locate the “Raw Access Logs” option. You can do that by either using the Search tool provided at the top of the page or by locating the “Metrics” features group where the “Raw Access Logs” feature is located.

When you click on the feature cPanel will redirect you to a new page called “Raw Access”. This page is considered and further referred to as the default page for the  “Raw Access Logs” feature.

Configuring and Downloading Raw Access Logs

At the top of that default page for the “Raw Access Logs” feature you will see a brief explanation of what this feature is used for. Right below that explanation, you see the first section of settings called “Configure Logs”. cPanel offers you the freedom to select how and when your logs will be generated.

The available options for you to choose from are-

Archive log files to your home directory after the system processes site statistics. The system currently processes logs every 24 hours.

Remove the previous month archived logs from your home directory at the end of each month.

By default, both of these will be enabled meaning that the logs for the websites associated with your Account will be archived and stored into your Account’s home directory under the folder “logs” every 24 hours. Also, cPanel clears the logs from the previous month logs only for the current month. You are  strongly suggested that you should leave the configuration as it is since it is configured with its optimal parameters. 

The next section is where all the raw access logs are downloaded. You should see a table view, representing all of your domains/subdomains. For each one of those, cPanel provides you with the last update of the raw access log and also the Disk Usage of the log. To download a specific log, please click on the concerned domain/subdomain.

The log starts downloading in a compressed format for quick download. Therefore, before you review the log, you will need to uncompress it first.

The last section “Archived Raw Logs” is used in case you have disabled the configuration for deletion of access logs. If that is the case, in this section you will find all the access logs for the previous months in an archived state ready to be downloaded. If not, only the access logs for the current month will be presented.

Reading Raw Access Logs

Please note that the data is in raw format, meaning that the same is not structured in any way. Therefore reviewing and analyzing the data might be an overwhelming task sometimes, especially when there are a large number of log entries for you to read. Although hard for reading, the Raw Access Logs for your websites are the perfect representation of the access rate on your websites. Their main benefit is that you can easily use the tools of a simple text editor to search and extract visits on your website in order to identify either a user or a bot. 

Now that you know where to download the access logs from, now review the content of the log. After the download of the log is finished you have to open the log file. Please note that the file is not with the .txt file extension. In fact, it does not have a file extension at all. However, you can open it with any text editing software. Once opened, the log contains each and every access entry of the chosen website. The log contains lines of data, each with the following structure:

<IP Address> – – [Date] “<Type of request> <Requested Resource> <Protocol Version>” <Web Server Response Status Code> <Size of the request> “-” “<User Agent>”

Here’s a short description of each part of the data contained on each line of the file. We will use the first entry in the same log above as our example. – – [04/Feb/2024:06:33:16 -0700] “GET / HTTP/1.1” 200 14132 “-” “Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0”

[04/Feb/2024:06:33:16 -0700] (Time Date stamp): This is the date and time the user visited your website. In this example, the visit occurred at 6:33 (AM) on Feb 4, 2024.

“GET / HTTP/1.1” (HTTP activity): this is the HTTP request which the user sends to retrieve information from your website. GET (ie. content download) and POST (ie. comment upload) are the most common.

200 14132 (Resource accessed) : Typically, it shows the relative path to a file, image or query the user viewed. The numerical value ” 200” is a three-digit code that specifies the resulting status of the request. Typical values for this code are 200 (success), 302 (redirect) and 404 (not found). The number following the response code indicates the total size (in bytes) of data downloaded for the request (14132 bytes in our example).

“-” (Referrer): It indicates where the user was visiting from (the referrer URL). In this case, the user dropped in directly.
“Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0″(User agent): Identifies the browser how the user is accessing your website. User agents are anything that can view and read web pages. Browsers and search spiders are the most common user agents.


We hope this article will help you in understanding about Raw Access logs in cPanel. We discussed everything you need to know, how to access, configure and download raw access logs, and how to read raw access logs. If you have any questions, feel free to contact our 24×7 support team. Our certified experts will clear all your doubts.