GridPane Logs – How to Find Them and When to Use Them

15 min read

Introduction

Knowing where your logs are and what they keep track of is an important part of managing your WordPress web hosting business. In this article, we’ll take a look at where you can go to view your server logs, and when you might want to check them. Some, for example the SSL log and Nginx error logs, are particularly important and you’ll refer to some of these logs a lot more than others.

There’s also the “Server Health Check” function and log which we’ll briefly cover here as well, and there will be a link to a more in-depth article. This is a pretty awesome feature that’s custom-built for GridPane, and it’s something you’ll want to check out and make use of somewhat regularly.

You can view almost all of your logs directly within your dashboard. The only current exceptions are the Web Application Firewall logs which are detailed in part 5.

  1. Server Logs
  2. MySQL Slow Log
  3. Website Specific Logs
  4. PHP Slow Log
  5. WAF Logs
  6. Accessing Your Logs Directly and/or Downloading Your Logs

GridPane Server Logs

These logs contain information relating to your server as a whole.

You can view your server logs by heading to the Servers page inside your GridPane account, and clicking on the name of your server.

This will open up the server customizer modal as shown in the image below, and the logs are contained in the Logs tab. To open up a log, simply click on the icon next to the log name in the view column.

Auth Log

The auth log is responsible for logging all authentication-related events. You can use this log to view failed login attempts, identify brute force attacks, or anything that related to suspicious authentication attempts.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/php/auth.log

Fail2Ban Log

The Fail2Ban log is responsible for logging all Fail2Ban related events. Here you can check on IPs that have been banned/unbanned. You’ll notice a lot of “Found”, which means these IPs are logged, but not exceeding the thresholds for bad behaviour that result in an actual ban.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/fail2ban.log

GP Clone Log

The GridPane Clone Log keeps track of all website cloning events. If you clone any of the websites on your server, it will be logged here. If you experienced a cloning failure, you can check this log for details of what may have gone wrong.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/opt/gridpane/gpclone.log

Health Check Log

The Health Check Log will be created when you run your first server health check. It will perform a series of checks on your server and then give it a score. You can use the information in this log to help determine when it’s time to scale up, free up disk space, and spot/diagnose other potential issues that could cause or be causing your websites issues. It can take several minutes to complete, and will then display the results directly in the log.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/health-check.log

Monit Log

The Monit Log keeps track of events related to the services it monitors. Here you’ll see when Monit detects errors and restarts services them to keep your server fully operational. If you’re experiencing issues specific to a service (Nginx, MySQL, PHP, Redis), you’ll be able to get a good look at what’s going on inside your server with this log.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/monit.log

UFW Log

UFW stands for Uncomplicated Firewall. It’s a program for managing a netfilter firewall. While “uncomplicated” is true in it’s setup, reading the logs is actually a little complicated. For a thorough walkthrough on how to make sense of the events in this log, this answer on AskUbuntu gives a step by step explanation.

It’s unlikely you will ever need to check this log, however, we include it here to be thorough and make access to it easy for veteran Sysadmins.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/ufw_log

Certbot Monitoring Log

The Certbot Monitoring Log keeps track of SSL certificate renewals for SSL’s that were provisioned using the webroot method – the website is not using a DNS API integration, and was provisioned after the DNS records were changed. If you’ve had a notice about an SSL certificate failing to renew, this log will provide the answers as to why it failed.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/opt/gridpane/certbot.monitoring.log

Acme Monitoring Log

The Acme Monitoring Log keeps track of SSL certificate renewals for SSL’s that were provisioned using the DNS API Full method, or API Challenge method. It’s extremely rare that SSL’s provisioned this way later fail, but should you have any trouble this log will provide insight into what’s happened.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/opt/gridpane/acme.monitoring.log

MySQL Error Log

The MySQL Error Log keeps track of startup and shutdown times, and any errors that may occur during this process. They also log if any tables need to be checked/repaired. If you’re experiencing any database related issues on any of your sites, you may find helpful info in this log.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/mysql/error.log

PHP 7.1 FPM Log

The PHP 7.1 FPM Log probably isn’t going to be a log you’ll ever need to view. It’s here while we still offer support for PHP 7.1, but you should look at upgrading to 7.3 or 7.4 ASAP. This log keeps track of PHP 7.1 startup and restart events.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/php7.1-fpm.log

PHP 7.2 FPM Log

The PHP 7.2 FPM Log keeps track of PHP 7.2 startup and restart events.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/php/php7.2-fpm.log

PHP 7.3 FPM Log

The PHP 7.3 FPM Log keeps track of PHP 7.3 startup and restart events.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/php/php7.3-fpm.log

PHP 7.4 FPM Log

The PHP 7.4 FPM Log keeps track of PHP 7.4 startup and restart events.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/php/php7.4-fpm.log

Redis Log

The Redis Log keeps track of all Redis related events being saved on your server. This includes shutdowns, restarts, and memory usage.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/redis/redis-server.log

Syslog

Syslog can actually refer to a few different things – the syslog service, the syslog protocol, and/or a syslog message. For our purposes here, this log is a system related events log.

If you’d like to dig deeper into the Linux Syslog, this article over at Loggly.com is a good place to start:

https://www.loggly.com/ultimate-guide/linux-logging-basics/

It’s unlikely you will ever need to check this log, however, we include it here to be thorough and make access to it easy for veteran Sysadmins.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/syslog

Automated Backups Monitoring Log

The GridPane Backups log keeps track of all the website backups that take place on your server. If you want to check when specific websites are being backed up, they will be detailed in this log.

/opt/gridpane/backups.monitoring.log

MySQL Slow Log

The MySQL slow query log is where the MySQL database server will log all queries that exceed the time (in seconds) that you specify. This can be particularly helpful on database intensive websites, such as WooCommerce stores, to help identify long running processes, and fixing them for better performance.

Step 1. Turn on Slow Query Logging

The MySQL slow log is also located within the Server customizer inside the MySQL tab:

Toggle “slow_query_log” to ON.

Step 2. Set the Time

Next, set the minimum time that you want queries to have to exceed to be logged in the “long_query_time (seconds)” settings of the MySQL tab.

Step 3. Restart MySQL

To make your changes take effect, hit the Restart MySQL button.

Step 4. Check your logs

Depending on how busy your website is, it may take some time to gather information, but this will vary on a website by website basis.

Slow Log Server Location

The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/mysql/error.log

Website Specific Logs

Your website specific logs are going to be the first place you head to in many instances if/when you need to start diagnosing any issues that occur. The SSL provision log and the Nginx site error log in particular will be of great help in diagnosing SSL and performance related issues. Our support team may also ask you to provide us with information from these logs if you reach out to us for assistance.

You can view your website specific logs heading to the Sites page inside your GridPane account, and clicking on the name of your website.

This will open up the website configuration/customizer modal, and the logs are contained in the Logs tab.

Log Location Note

Below you'll see the locations for each log contain "site.url" in the file paths. To view your website logs, you will need to replace this with your domain name. For example:

/var/www/site.url/logs/debug.log
Would look like the following, just with your own domain:
/var/www/gridpane.com/logs/debug.log

Secure WP Debug Log

If you’ve turned on WP Debug, all debug related events will be logged here. If you’d like to learn more about using WP Debug along with the Query Monitor plugin (which will be auto-installed on your website when you flip the Enable Secure WP Debug toggle to ON), check out this article.

Be sure to always turn debug off once you’ve finished using it.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/www/site.url/logs/debug.log

GridPane General Log

The general logs keep track of the changes made to your website in the site customizer. You can view changes that have been made to your site in this log.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/www/site.url/logs/gridpane-general.log

Domains Log

The Domains Log keeps track of events related to domain addons (alias and redirects), and primary domain swaps. If you need to retrace the history of a website when it comes to the domains attached to it, you’ll be able to find date and times for all events in this log.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/www/site.url/logs/gridpane-general.log

Single Sign-On (SSO) Log

The SSO log tracks Single Sign-On events, including the magic link associated with each login. If you’ve experienced trouble with SSO, you’ll be able to check this log for more information, and also find the link that’s been created. These links expire after 15 minutes or immediately after they have been used. You may still be able to SSO into your sites by copying and pasting these links if they aren’t opening in a new window for you.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/www/site.url/logs/sso.log

SSL Provision Log

The SSL provision log keeps track of all SSL provisioning attempts, and includes detailed information about each process. This is one of the most commonly used logs, and if you experience an SSL failure, this log will be the first place you should check. All failed SSL attempts include a detailed reason as to why they failed, and you will need to use this information to make the necessary corrections before attempting to provision another SSL certificate.

The most common reason will be that your DNS records are not correct. Please see this article for further diagnosing SSL related issues:

Diagnosing and Fixing SSL Certificate Issues

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/www/site.url/logs/ssl-provision.log

Staging Push Log

The Staging Push Log records all instances of any Live -> Staging, or Staging -> Live pushes. If you experienced a staging push fail, this log will help identify the reason for the failure.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/www/site.url/logs/staging.log

Nginx Site Access Log

The Nginx Site Access Log records the IP addresses of those that visit your websites, what they do, what browser they use, the names of the bots that crawl your site, and more.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/nginx/site.url.access.log

Nginx Site Error Log

The Nginx Site Error Log records all general website errors. This is one of the logs you should familiarise yourself with as it will help identify all kinds of potential issues like plugin conflicts, PHP errors, timeouts, and more, that can help you pinpoint the source of performance-related issues. If you’re experiencing any kind of strange behaviour on one of your websites, this log should be the first place you check, and from there you can begin digging deeper into the issue.

ModSecurity Firewall events are also logged here.

Server Location
The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/log/nginx/site.url.error.log

PHP Slow Log

The PHP slow log, like the MySQL slow query log, is useful for diagnosing long running processes that are having a negative affect on your websites performance. Below we’ll look at how to configure it so that you can begin diagnosing individual sites as needed.

Step 1. Navigate to the PHP Slowlog tab

The PHP Slow log is also located in the website configuration modal, inside the PHP tab:

Step 2. Turn Slow-logging ON

Toggle “Enable Site PHP-FPM Slowlog” to ON.

Step 3. Configure Logging Parameters

The “request_slowlog_timeout (seconds)” sets the minimum time a process has to run before it will be logged.

The “request_slowlog_trace_depth” sets how many functions proceeding the slow running process should be logged.

Step 4. Check back soon

Allow some time for data to be collected and check the log for slow running processes.

Server Location

The log name will vary depending on which version of PHP you’re using, but it will be located in /var/log . The log will be your websites name, followed by the PHP version without the “.” between the two numbers.

Here’s an example for PHP 7.3:

/var/log/site.url73.log.slow

Web Application Firewall Logs

Firewalls can sometimes have unexpected results, such as blocking plugins or external service that you’re trying to use. To begin diagnosing these issues, we have detailed examples in each of our Firewall Knowledge Base articles.

These logs each record all firewall related events for your individual websites, and you can use them to diagnose the specific rules that are being broken by the plugin/service you’re trying to use.

Below we’ll quickly cover where you can find WAF logs for your individual websites.

6G WAF

The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/www/site.url/logs/6g.log

KB Article: Using the GridPane 6G Web Application Firewall

7G WAF

The log can be found here when accessing your server via SSH or SFTP as the Root user:

/var/www/site.url/logs/7g.log

Full KB Article: Using the GridPane 7G Web Application Firewall

ModSecurity WAF

ModSecurity events are logged in the Nginx Site Error Log, detailed in the Website Specific Logs section above.

/var/log/nginx/site.url.error.log

Full KB Article: Using the GridPane ModSec Web Application Firewall

Accessing Your Logs Directly and/or Downloading Your Logs

If you’d like to download a copy of these to your computer you can do so by accessing your server over SFTP as the Root user. Here’s our KB on how to get started:

Connect to a GridPane Server by SFTP as Root user

If you’d like to view them directly on your server, you can see the following guides to get started setting up your SSH Keys, and connecting over SSH:

Once connected you can use the cat command, followed by the log file paths detailed throughout this article, for example:

cat /path/to/example.log

Or you can view them in real time with the tail -f command:

tail -f /path/to/example.log

To exit from tail -f hit CTRL+C.

For a real world example, to view the MySQL Slow Log, you can use the following command:

cat /var/log/mysql/slow.log