Event Logs
Event logs capture a wide range of system and application events, including errors, warnings, information messages, and security-related events.
Location: %SystemRoot%\System32\winevt\Logs\
Application Log
This log records events related to applications, software, and programs running on the system.
Location: %SystemRoot%\System32\winevt\Logs\Application.evtx
System Log
The system log records events related to the operating system, hardware, and drivers.
Location: %SystemRoot%\System32\winevt\Logs\System.evtx
Security Log
The security log records security-related events, such as logon attempts, account changes, and other security events.
Location: %SystemRoot%\System32\winevt\Logs\Security.evtx
Setup Log
This log records events related to the installation and setup of Windows components.
Location: %SystemRoot%\Panther\
Application Compatibility Logs
These logs contain information about application compatibility issues encountered during installation or execution.
Location: %SystemRoot%\AppCompat\
Windows Update Logs
Logs related to Windows Update activities, including installation and update events.
Location: %SystemRoot%\WindowsUpdate.log
Performance Logs
Performance logs capture performance-related data and metrics for monitoring system health and performance.
Location: %SystemRoot%\System32\PerfLogs\
Internet Explorer Logs
Logs related to Internet Explorer activities, including browsing history and errors.
Location: %UserProfile%\AppData\Local\Microsoft\Internet Explorer\
Windows Defender Logs
Logs related to Windows Defender antivirus and security activities.
Location: %ProgramData%\Microsoft\Windows Defender\
Print Service Logs
Logs related to print jobs and printer activity.
Location: %SystemRoot%\System32\spool\
Remote Desktop Services Logs
Logs related to Remote Desktop Services (formerly Terminal Services) activity.
Location: %SystemRoot%\System32\winevt\Logs\TerminalServices-*
User Profile Service Logs
Logs related to user profile management and user logon/logout events.
Location: %SystemRoot%\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
W3C Extended Log Format
The most common log format, providing detailed information about HTTP requests and responses, including client IP addresses, status codes, URLs, user agents, and more.
Locations:
%SystemDrive%\inetpub\logs\LogFiles\W3SVC{SiteID}
C:\home\{Domain}\logs
D:\home\{Domain}\logs
IIS Log Files
General log files that record information about website activity, including errors, requests, and more.
Location: %SystemDrive%\inetpub\logs\LogFiles\
HTTP Error Log
This log records details about HTTP errors, including status codes and error messages.
Location: %SystemRoot%\System32\LogFiles\HTTPERR\
FTP Log Files
If you're running an FTP server through IIS, these logs capture FTP-related activity and errors.
Location: %SystemDrive%\inetpub\logs\LogFiles\MSFTPSVC{ServiceID}
SMTP Log Files
If you're using IIS as an SMTP server, these logs contain information about email-related activity.
Location: %SystemDrive%\inetpub\mailroot\SMTP\
ODBC Logging
If ODBC logging is enabled, these logs capture data related to ODBC database connections.
Location: Varies based on configuration.
Centralized Binary Logging (IIS 8.5 and later)
In newer IIS versions, centralized binary logging provides enhanced performance and security benefits.
Location: %SystemDrive%\inetpub\logs\CentralBinaryLogs\
Application Logs
These logs record application-specific information, which may include details about custom applications or modules running on IIS.
Location: Application-specific and may vary based on configuration.
Custom Logs
You can configure IIS to generate custom logs based on your specific requirements, capturing particular fields or events.
Location: Custom-defined, based on configuration.
Failed Request Tracing Logs
Failed request tracing logs are used to diagnose issues with specific requests that fail, providing detailed information about the request processing pipeline.
Location: %SystemDrive%\inetpub\logs\FailedReqLogFiles\
Application Event Logs
These logs contain information about application events, errors, and warnings generated by ASP.NET applications.
Location: Varies based on the ASP.NET application and configuration.
IIS Logs
IIS generates logs that record requests, responses, errors, and other web server-related information.
Location: Depending on the IIS version and configuration:
IIS 7 and later: %SystemDrive%\inetpub\logs\LogFiles\
IIS 6 and earlier: %SystemRoot%\System32\LogFiles\
ASP.NET Trace Logs
ASP.NET provides tracing capabilities that allow you to capture detailed information about the application's execution flow.
Location: This location is configured in the application's web.config file using the element.
Event Viewer Logs
ASP.NET events and errors might be captured in the Windows Event Viewer, including information about application start, errors, and shutdown.
Location: %SystemRoot%\System32\winevt\Logs\
Custom Application Logs
If your ASP.NET application includes custom logging mechanisms, logs might be generated in specific locations.
Location: Defined by your application's configuration and code.
Health Monitoring Logs
ASP.NET's health monitoring feature can generate logs that track application health, errors, and performance events.
Location: This location is configured in the application's web.config file using the element.
Database Logs
If your ASP.NET application interacts with databases, database-related errors might be logged by the database system.
Location: Depends on the database system being used (e.g., SQL Server, MySQL, Oracle).
Custom Log Files
ASP.NET applications can create custom log files using various logging libraries and frameworks to capture specific information.
Location: Defined by your application's code and configuration.
Windows Application Logs
Some ASP.NET applications might generate logs in the Windows Application Logs section of the Event Viewer.
Location: %SystemRoot%\System32\winevt\Logs\Application.evtx
Application Logs
These logs provide information about the execution of ColdFusion applications, including errors and debugging information.
Location: {ColdFusion_Home}/logs/
Server Logs
Server logs contain information about the ColdFusion server's activity, startup, and shutdown processes.
Location: {ColdFusion_Home}/logs/server.log
Exception Logs
Exception logs capture details about unhandled exceptions and errors that occur within ColdFusion applications.
Location: {ColdFusion_Home}/logs/exception.log
Request Logs
Request logs track details about incoming HTTP requests, including information like request URLs, response codes, and processing times.
Location: {ColdFusion_Home}/logs/
Scheduler Logs
If you use ColdFusion's scheduler to run scheduled tasks, the scheduler logs record information about the execution of these tasks.
Location: {ColdFusion_Home}/logs/scheduler.log
Mail Logs
These logs provide information about the email-related activities performed by ColdFusion, such as sending and receiving emails.
Location: {ColdFusion_Home}/logs/mail.log
Connector Logs
Connector logs contain information about interactions between ColdFusion and web servers (e.g., Apache, IIS) through connectors like mod_jk or mod_cfml.
Location: The location may vary based on the connector configuration.
Event Logs
Event logs capture ColdFusion server events and actions, providing a history of important events.
Location: {ColdFusion_Home}/logs/
Security Logs
Security logs can contain information about security-related events, such as failed login attempts and unauthorized access.
Location: {ColdFusion_Home}/logs/
Debugging Logs
Debugging logs are generated when ColdFusion applications are running in debugging mode, capturing detailed information about application execution for debugging purposes.
Location: {ColdFusion_Home}/logs/
PHP Error Log
The PHP error log records errors and warnings generated by PHP scripts.
Location: This location can be specified in the PHP configuration (php.ini) using the error_log directive. If not specified, it often defaults to the server's general error log.
Windows: php_errors.log
Linux: error_log
Slow Request Log:
Some PHP setups allow you to log slow requests that exceed a certain execution time threshold.
Location: Similar to the PHP error log, the location can be specified in the PHP configuration (php.ini).
FPM (FastCGI Process Manager) Logs
If using PHP-FPM, logs related to FastCGI process management can provide information about PHP processes and pool configuration.
Location: Varies depending on the PHP-FPM setup and configuration.
Custom Application Logs
If your PHP application has custom logging functionality, it can generate its own logs.
Location: Application-specific and defined by your application's configuration.
Database Error Logs
If your PHP application interacts with databases, database-related errors might be logged by the database system.
Location: Depends on the database system being used (e.g., MySQL, PostgreSQL, MongoDB).
Cron Job Logs
If PHP scripts are executed through scheduled tasks (cron jobs), logs can be generated for these tasks.
Location: Varies depending on the cron job setup and configuration.
Custom Log Files
PHP scripts can create custom log files using functions like error_log() to capture specific information.
Location: Defined by your application's code and configuration.
System Log (Syslog)
The system log captures general system messages, including kernel events, startup messages, and hardware-related events.
Location: /var/log/messages
Kernel Log
The kernel log records kernel-specific events and messages.
Location: /var/log/kern.log
Boot Log
This log contains information about the system boot process.
Location: /var/log/boot.log
Authentication Log
The authentication log records authentication-related events, including login attempts and authentication failures.
Location: /var/log/secure
YUM Log
Logs related to the YUM package manager, capturing information about package installations, updates, and removals.
Location: /var/log/yum.log
Cron Log
The cron log records information about scheduled cron jobs and their execution.
Location: /var/log/cron
HTTP Server Logs
Logs related to web server activities (e.g., Apache) including access logs and error logs.
Location: Depending on the web server:
Apache: /var/log/httpd/
Secure Shell (SSH) Log
The SSH log records information about SSH connections and related events.
Location: /var/log/secure
Mail Server Logs
Logs related to mail server activities (e.g., Postfix, Sendmail).
Location: Depending on the mail server:
Postfix: /var/log/maillog
Sendmail: /var/log/maillog
Database Server Logs
Logs related to database server activities (e.g., MySQL, PostgreSQL).
Location: Depending on the database server:
MySQL: /var/log/mysqld.log
PostgreSQL: /var/lib/pgsql/data/pg_log/
SELinux Logs
Logs related to SELinux, capturing security-related events and policy violations.
Location: /var/log/audit/audit.log
Firewall Logs
Logs related to firewall activities (e.g., iptables, firewalld).
Location: Depending on the firewall system:
iptables: /var/log/messages or /var/log/syslog
firewalld: /var/log/firewalld
Application Logs
Application-specific logs that might be generated by various software installed on the system.
Location: Varies based on the application's configuration.
General System Log
This file contains the login attempts and general error messages for various services.
Location: Varies based on Linux distribution in use.
Red Hat-based Servers: /var/log/messages
Ubuntu Servers: /var/log/syslog
cPanel Error Log
This log records errors related to cPanel account activities, such as email, FTP, and web traffic.
Location: /usr/local/cpanel/logs/error_log
cPanel Access Log
The cPanel access log records logins to cPanel accounts.
Location: /usr/local/cpanel/logs/access_log
cPanel License Log
The license log provides information about cPanel license verification and updates.
Location: /usr/local/cpanel/logs/license_log
cPanel Update Log
Records information about cPanel and WHM updates.
Location: /var/cpanel/updatelogs/update.{timestamp}.log
cPanel Backup Log
Logs related to cPanel backup operations.
Location: /usr/local/cpanel/logs/cpbackup
cPanel Apache Restart Log
This log records Apache restarts triggered through cPanel/WHM.
Location: /usr/local/cpanel/logs/safeapacherestart_log
WHM Error Log
Records errors related to WHM activities and configurations.
Location: /usr/local/cpanel/logs/error_log
Exim (Mail Server) Logs
Logs related to the Exim mail server used by cPanel.
Location: Depending on the Exim version and configuration:
/var/log/exim_mainlog
/var/log/exim_rejectlog
/var/log/exim_paniclog
FTP Log
Records FTP server activities and user connections.
Location: /var/log/messages or /var/log/xferlog
Bandwidth Logs
Logs related to account bandwidth usage.
Location: Varies based on the server configuration.
Addon Domain Logs
Logs related to addon domain activities and configurations.
Location: Varies based on the server configuration.
Subdomain Logs
Logs related to subdomain activities and configurations.
Location: Varies based on the server configuration.
SSL/TLS Logs
Logs related to SSL/TLS certificates and connections.
Location: Varies based on the server configuration.
See also:
https://docs.cpanel.net/knowledge-base/cpanel-product/the-cpanel-log-files/