GoDaddy Help

Review domain access log

Domain access logs can include what pages people are viewing, if the page loaded, or if the page gave an error. Reviewing a domain's access log can be helpful in troubleshooting issues like DDOS attacks & site compromises.

Why would I need to review this log?

  • Your site is not working as intended.
  • Your site was compromised.
  • Visitors receive errors (ie. 500, 404) in various sections of your site.

Log location

WHM/cPanel

/usr/local/apache/domlogs/

Plesk

/var/www/vhosts/domain_com/logs

How can I review this log?

SSH

SSH allows you to access, view and manipulate the full log with tools such as vim or grep.

Plesk:

  1. Log in to Parallels Plesk Panel as admin.
  2. If necessary, switch to Service Provider view.
  3. From the Hosting Services menu, select Domains.
  4. Select the domain name you want to review.
  5. Select Logs under Dev Tools.
  6. Choose the log to review from the dropdown menu on the top right (default: all logs).

WHM/cPanel:

There are two sections within cPanel that you can access logs:
  1. The File Manager in the logs folder.
  2. Raw Access under Metrics.

Example entries found in a domain access log

What information can you find in this log?

  • If a particular visitor or IP address is visiting your site frequently, or attempting something malicious, you may see it here.
  • A GET request is from someone viewing content on your site. A POST requst indiciates that someone is interacting with the site (for example, submitting a contact form or attempting to log in to a website dashboard).
  • A POST request repeated frequently and rapidly indicates that someone may be attempting a brute-force login attempt, or they may be attempting to abuse a contact form.
  • If you see numerous 404 errors in this log, a visitor is attempting to visit pages that don't exist.

127.0.0.1 - - [21/Sep/2021:20:13:53 -0400] "GET /favicon.ico HTTP/1.0" 200 254 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
127.0.0.1 - - [19/Jan/2022:17:18:22 -0500] "POST /wp-cron.php?doing_wp_cron=1642630701.8854188919067382812500 HTTP/1.1" 200 3208 "https://acooldomain.com/wp-cron.php?doing_wp_cron=1642630701.8854188919067382812500" "WordPress/5.8.3; https://acooldomain.com"
127.0.0.1 - - [19/Jan/2022:15:06:30 -0500] "GET /?author=2 HTTP/1.1" 404 14103 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"   

Related Steps

Review the PHP error log.

More Info

Find and review web server logs.