Introduction
The Raw Access Logs tool in cPanel allows you to download detailed, unprocessed log files that record every visit to your website. Unlike visual tools like Awstats or Webalizer, raw logs contain complete technical data directly from the Apache server — including IP addresses, timestamps, URLs requested, user agents, and referrers.
This feature is ideal for users who want full control over traffic analysis, advanced troubleshooting, or forensic investigations.
Why Use Raw Access Logs?
Raw logs are useful when you need:
-
Advanced visitor tracking without data summarization
-
Security auditing and identifying malicious activity
-
Log importing into third-party analytics or visualization tools
-
Custom reports or correlation with external systems
-
Proof of access (for legal or compliance reasons)
How to Access Raw Access Logs
-
Log in to your cPanel account
-
Scroll to the Metrics section
-
Click on Raw Access
-
You’ll land on the Raw Access Logs configuration page
Downloading Your Logs
Under the Download Current Raw Access Logs section:
-
You’ll see all domains and subdomains hosted on your account
-
Click the domain name (e.g.,
example.com) to download its.gzlog file -
The downloaded file can be opened using any text editor after decompressing
These logs are typically rotated daily or weekly, depending on your server settings.
Understanding a Raw Access Log Entry
Each line in the log follows a standard format, for example:
Breakdown:
| Element | Description |
|---|---|
192.0.2.1 |
Visitor's IP address |
08/Jul/2025:06:20:15 |
Date and time of the request |
GET /index.html |
HTTP method and requested file |
200 |
HTTP status code (success) |
1024 |
Size of the response in bytes |
https://google.com |
Referring page |
Mozilla... |
Browser and OS used (user agent) |
Configuring Raw Access Settings
You can choose to:
-
Archive logs at the end of each month (recommended for long-term tracking)
-
Remove archived logs every 24 hours to save disk space
-
Enable or disable logging for individual domains
Check the boxes under Configure Logs based on your preference, then click Save.
How to Analyze Raw Logs
After downloading and extracting the .gz file:
-
Open it in a text editor for manual review
-
Use log analyzers like AWStats, GoAccess, Matomo, or WebLog Expert
-
Filter using scripts or command-line tools (e.g.,
grep,awk) for specific patterns
Use Cases
| Purpose | What to Look For |
|---|---|
| Investigating hacking attempts | Repeated 404 or 403 errors from same IP |
| Tracking specific visitors | Filter by IP or user agent |
| SEO crawling behavior | Look for bots like Googlebot, Bingbot |
| Building custom reports | Import logs into Excel or data visualization tools |
Best Practices
-
Download logs regularly before they are rotated or removed
-
Store archived logs securely for auditing purposes
-
Automate analysis with scripts or external tools if needed
-
Disable logging for unused subdomains to conserve disk space
Conclusion
The Raw Access Logs feature in cPanel is a powerful tool for advanced users who need complete visibility into web traffic. It gives you access to the raw, unfiltered data needed for technical analysis, security monitoring, and detailed visitor tracking. While it’s not as beginner-friendly as Awstats, it offers maximum flexibility for those who want full control over their analytics.
