cPanel login logs are records that track and document login activities on a cPanel hosting control panel. These logs capture important information such as the date and time of each login attempt, the IP address and hostname from which the login originated, the username used for authentication, and the success or failure status of the login.
Here we cover how to check the cPanel login logs and CWP login logs for account logins.
Related Articles
Log into cPanel Using the Direct URL
Cannot Log into WHM
Check cPanel Logs
IMPORTANT: This solution will require root access and is only available on our VPS or dedicated hosting. If root access needs to be obtained, follow the guide on requesting root access.
NOTE: The cPanel logins, also known as the cPanel access logs, are recorded in /usr/local/cpanel/logs/access_log.
- SSH into the server
- Run
cat /usr/local/cpanel/logs/access_log | grep -aE 'userna5.*GET.*login'
REPLACE: userna5 in the command above with the specific cPanel username.
NOTE: This command will list all logins on the specified user. The entire log file can be viewed withcat /usr/local/cpanel/logs/access_log.
Checking .lastlogin
NOTE: .lastlogin is available on all cPanel hosting plans.
- Log into the cPanel
- Navigate to the File Manager, located in the Files section
-
View the .lastlogin file, located in the home directory
TIP: If .lastlogin is not present, show hidden files in File Manager.
NOTE: The .lastlogin file shows a list of all IPs that have logged in and on what dates. The file is only updated when the logged-in IP changes and so not every individual login is shown.
EXAMPLE: The following is an example of the .lastlogin file contents. In this example, the IP 12.34.56.78 has been the only IP to log in since December 20, 2022. Note that each login is not tracked and the user at 12.34.56.78 has likely logged in multiple times since December 20, 2022.12.34.56.78 # 2022-07-01 13:26:07 -0400 78.56.34.12 # 2022-08-08 11:12:32 -0400 12.34.56.78 # 2022-08-08 12:38:49 -0400 78.56.34.12 # 2022-08-08 12:44:43 -0400 12.34.56.78 # 2022-08-08 15:30:26 -0400 78.56.34.12 # 2022-08-10 05:12:26 -0400 12.34.56.78 # 2022-08-10 12:56:43 -0400 34.56.78.12 # 2022-08-16 13:34:13 -0400 12.34.56.78 # 2022-08-16 14:18:26 -0400 56.34.12.78 # 2022-08-18 05:35:35 -0400 12.34.56.78 # 2022-08-18 07:06:21 -0400 12.78.56.34 # 2022-12-08 16:20:19 -0500 12.34.56.78 # 2022-12-09 08:47:59 -0500 12.78.56.34 # 2022-12-15 14:25:13 -0500 12.34.56.78 # 2022-12-20 07:48:09 -0500
Check CWP User Login Logs
- Log into the CWP User
- Navigate to the File Manager, located under File Management
- Open the .conf folder
- Right-click and select Edit Content on the .last_access.json file
NOTE: This file tracks the most recent logins and dates from all IPs to the CWP User account.
Check CWP Admin Login Logs
IMPORTANT: This solution will require root access and is only available on our VPS or dedicated hosting. If root access needs to be obtained, follow the guide on requesting root access.
- SSH into the server as root
-
Review the
/var/log/cwp_client_login.logfile
NOTE: This log only tracks logins to CWP Admin and not to individual CWP User accounts.
EXAMPLE: The following willgrepfor all successful logins.grep Successful /var/log/cwp_client_login.log
Comments
0 comments
Article is closed for comments.