MaRiOsGR66

Well-Known Member
Feb 18, 2011
111
1
68
cPanel Access Level
Root Administrator
Hello,

I have a customer claiming that some one logged in in his cpanel account and deleted all the email accounts.
Is there some kind of log file for all succesfull logins for his username to cpanel ?
 

postcd

Well-Known Member
Oct 22, 2010
717
19
68
on server are two related files:
cat /usr/local/cpanel/logs/login_log
cat /usr/local/cpanel/logs/access_log

i think login_log is better for this:

last 100 entries:
cat /usr/local/cpanel/logs/login_log | grep hisusername | tail -n100

add all user entries to a file
cat /usr/local/cpanel/logs/login_log | grep hisusername > user_loginlog
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello :)

Yes, the cPanel access log and login log are likely the best log files to check in order to verify if this happened:

/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/login_log

Thank you.
 

MaRiOsGR66

Well-Known Member
Feb 18, 2011
111
1
68
cPanel Access Level
Root Administrator
Thank you both for the replies!!!

Is there any kind of log or function inside cpanel to show what actions were done by the client?
for example on date
-30/10/2014 username example created an email
-29/10/2014 username example deleted a mysql database
etc etc, is there something like that ?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
There are no such features within cPanel or WHM. You would have to review the log files through the command line. You are welcome to submit a feature request for that type of functionality:

Submit A Feature Request

Thank you.