Enable log archiving in cPanel

Enable log archiving in cPanel
Your website access logs keep detailed records of who connects to your site by HTTP (normal visitors) and by FTP (file transfers such as when you publish pages). By default, those logs are deleted every day after the stats run (Webalizer, AWStats, ...). Log archiving forces the logs to be saved. If archiving was already on, the attack is most likely recorded, which will be useful. If it was off, the data is lost unless the daily stats run hasn't been done yet, but subsequent similar attacks, which are likely, will be logged.

1. Go to cPanel > Raw Log Manager (the name varies in different cPanel versions).
2. Check the "Archive Logs..." box.
3. Uncheck the "Remove the previous month's archived logs..." box.
4. Click Save