How to View and Manage WHM Access Logs?
WHM maintains logs of all logins and administrative actions performed in the panel. Reviewing these logs helps you monitor who has accessed the server, detect unauthorized access, and audit changes made to accounts.
View WHM Login History
- Login to WHM.
- Go to Server Configuration → User Manager or search for WHM Login History.
- Alternatively, check the server logs via the terminal if you have access.
View cPanel Account Login Logs
Each client's cPanel login history can be viewed from within their cPanel:
- Login to the client's cPanel (via WHM → List Accounts → cPanel icon).
- Go to Security → Last Login Information.
- This shows recent cPanel login IP addresses and timestamps.
Check WHM Error and Access Logs via File Manager
- Login to WHM.
- Go to a client's cPanel → Metrics → Raw Access to download website access logs.
- Or go to Metrics → Errors to view the last 300 server error log entries.
Important Log Locations on the Server
| Log File | Contains |
|---|---|
| /var/log/messages | General system messages |
| /var/log/secure | SSH login attempts and authentication |
| /usr/local/cpanel/logs/access_log | WHM/cPanel panel access log |
| /usr/local/cpanel/logs/login_log | cPanel login attempts |
| /var/log/exim_mainlog | Email delivery and rejection log |
Security Tip: If you see WHM login attempts from unfamiliar IP addresses, change your WHM password immediately and enable cPHulk brute force protection. Contact SKPHost Support if you suspect unauthorized access.
If you continue to face issues, please open a create a request.
