Your website access logs keep detailed records of who connects to your site by HTTP (normal visitors) and by FTP (file transfers such as when you publish pages).
By default, those logs are deleted every day after the stats run (Webalizer, AWStats, …).
Log archiving forces the logs to be saved. If archiving was already on, the attack is most likely recorded, which will be useful.
If it was off, the data is lost unless the daily stats run hasn’t been done yet, but subsequent similar attacks, which are likely, will be logged.
Here are the steps you’ll need to follow to enable log archiving in cPanel –
1. Log in to cPanel > Raw Log Manager (the name varies in different cPanel versions).
2. Check the “Archive Logs…” box.
3. Uncheck the “Remove the previous month’s archived logs…” box.
4. Click the Save button.