How to Read Raw Access Logs in cPanel
Raw access logs record every request to your site — useful for investigating traffic spikes, suspicious activity, or a specific visitor's journey.
Step-by-step
- Open Metrics → Raw Access in cPanel.
- Enable archiving if needed — tick the options to keep logs so they are not cleared each cycle.
- Click your domain to download the current compressed log file.
- Extract and open it in a text editor — each line is one request with IP, date, requested URL, status code and user agent.
- Read the status codes: 200 = OK, 404 = not found, 301/302 = redirect, 403 = forbidden, 500 = server error (see 500 errors).
- Search for a specific IP or URL to trace activity — see finding an IP.
💡 Good to know
- For friendly graphs instead of raw lines, use AWStats.
- A flood of requests from one IP may warrant blocking it.
- Logs are large — download and analyse locally rather than in the browser.