Location of the logs on the CWP servers

Apache logs are in folder

/usr/local/apache/logs

CWP server logs and server services logs, including (PhpMyAdmin/Roundcube/API):

/usr/local/cwpsrv/logs/
/usr/local/cwp/php71/var/log/

CSF & LFD firewall logs

/var/log/lfd-log

SSH logs

/var/log/secure

Yum logs

/var/log/yum.log

FTP logs

/var/log/messages

Postfix / Mail

/var/log/maillog

Failed SMTP Login example (mail client software: thunderbird, outlook):

Jun 22 17:09:20 srv1 postfix/smtpd[14076]: warning: unknown[38.10.12.80]: SASL LOGIN authentication failed: UGFzc3df4mQ6

Dovecot and Dovecot debug logs

dovecot.log
dovecot-info.log
dovecot-debug.log

Failed IMAP/POP3 Logins
/var/log/dovecot-info.log

Failed Login examle (mail client software: thunderbird, outlook):

Jun 22 18:06:25 imap-login: Info: Disconnected (auth failed, 3 attempts): user=<info@domain.com>, method=PLAIN, rip=212.12.176.56, lip=5.196.100.13, TLS

Failed Login example roundcube:

Jun 22 17:59:22 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<username@domain.net>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

Success Login roundcube:

Jun 22 18:14:20 imap-login: Info: Login: user=<username@domain.net>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=26051, secured

Success Login example (mail client software: thunderbird, outlook):

Jun 22 18:16:51 pop3-login: Info: Login: user=<username@domain.net>, method=PLAIN, rip=212.12.176.56, lip=5.192.100.13, mpid=26464, TLS

Roundcube (CWP version 160+)

/usr/local/cwpsrv/var/services/roundcube/logs/

example of /usr/local/cwpsrv/var/services/roundcube/logs/sendmail:

[22-Jun-2018 21:15:39 +0000]: <e1efa51l> User username@domain.net [11.22.33.144]; Message for someuser@gmail.com; 250: 2.0.0 Ok: queued as E7B7B21244E7

Failed Logins
/usr/local/cwpsrv/var/services/roundcube/logs/errors

example /var/log/dovecot-info.log:

Jun 22 17:59:22 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<username@domain.net>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

MySQL logs

/var/lib/mysql/HOSTNAME.err