This may be NginX related (specifically CPNginX). I notice that apache access_log contains all requests including those that /usr/local/cpanel/bin/splitlogs sends to the domlogs. The splitlogs documentation seems to suggest that only requests without a vhost header and those against the main host name should wind up in the access_log, but across our whole network I see everything getting dumped in there. The logging to domlogs appears to work correctly. The only reason I ask is that if this behaviour is normal then it would be so much more handy if the vhost got logged in access_log too! because currently it doesn't which seems pretty pointless from a log analysis point of view.