How to download Raw Access logs in cPanel

Category: cPanel

Raw Access logs record every HTTP request that reaches your site: the visitor’s IP, the requested URL, the response code, the date, and the browser agent, among other data. They’re useful when you want to find out which bots or IPs are causing traffic spikes, which URLs are returning 404 errors, or when you need to share exact data with support.

Before you start

  • Confirm you’re logged in to the cPanel account for the domain you want to review.
  • Logs are generated automatically; you don’t need to enable anything for them to exist.
  • cPanel keeps a log for the current day and may archive logs from previous days depending on the server configuration.
  • Downloaded files come in .gz format (compressed with gzip). You’ll need 7-Zip (Windows) or the gunzip command (Mac/Linux) to open them.

Download current logs

  1. Log in to cPanel and, under the Metrics section, open Raw Access.
  2. You’ll see a list of the domains and subdomains on your account. Find the domain whose logs you want to download.
  3. Click the domain name to download the current day’s log file directly.
  4. Save the .gz file to your computer.

Note: if your account has multiple domains, each one appears on its own row. Download the one that matches the site you’re reviewing.

Review archived logs

cPanel can save copies of logs from previous days if the option is enabled on the server. To turn it on, look for Configure Logs on the same Raw Access screen and enable archiving.

  1. On the same Raw Access screen, scroll down to the Archived Raw Logs section.
  2. If files are saved, a list of available dates appears.
  3. Click the file for the date you want to download it.

Important: if the archived section is empty, the server doesn’t retain historical logs by default. In that case, the current log is your only direct option from cPanel.

Read the downloaded file

The .gz file contains lines of text in Apache Combined Log format. Each line has this structure:

IP - - [date] "METHOD /path HTTP/version" code bytes "referrer" "user-agent"

For example:

203.0.113.15 - - [01/Jun/2026:14:23:05 -0600] "GET /wp-login.php HTTP/1.1" 200 12345 "-" "curl/7.68.0"

To read it:

  1. Decompress the .gz file with 7-Zip, The Unarchiver, or another tool.
  2. Open the resulting .log file with a plain text editor (Notepad, TextEdit, VS Code) or a log analysis tool.
  3. Search for a response code (for example, 404 for page not found, 200 for successful requests) or for the IP you want to investigate.

Final verification

Confirm the following before closing your cPanel session:

  • The .gz file downloaded without errors and is larger than 0 bytes.
  • When decompressed, the text file opens without error messages.
  • The log lines show recent dates matching the period you wanted to review.
  • If you were looking for a specific IP or URL, use Ctrl+F in your text editor to locate it.

Common errors

  • The file is 0 bytes or the link downloads nothing → the domain has received no traffic yet or logs are being rotated → wait a few minutes and try again.
  • The .gz file won’t open → the download did not complete and the file is truncated → download it again from cPanel.
  • No archived files appear → the server does not have log archiving enabled → contact support to request logs from past dates.

Still need help?

If this guide didn’t solve your issue, our team can help you via ticket.