cPanel Statistics Tools – Awstats, Webalizer, and What to Use

cPanel includes three traffic statistics tools — Awstats, Webalizer, and (on some servers) Analog. They predate Google Analytics by years and look it: utilitarian interfaces, dated visuals. But they read directly from your web server’s access logs, which gives them visibility into things JavaScript analytics never see. This guide covers what each tool shows, when they’re more useful than analytics, and how to read them productively.

Where to find them

cPanel → Metrics section. You’ll see Awstats, Webalizer, and Webalizer FTP (sometimes Analog Stats). Click any to see per-domain reports.

Each tool reads from the same Apache/LiteSpeed access logs but presents the data differently. None require any code to be added to your site — they work passively on logs already collected.

Log-based vs JavaScript analytics

For honest traffic numbers, log-based statistics paint a fuller picture. For user-journey analysis, JS analytics win. Real understanding usually needs both.

Awstats — the most useful of the three

Awstats is the richest report. Sections worth reviewing:

• Summary — Unique visitors, visits, pages, hits, bandwidth per period. Quick overall sense of traffic volume.
• Monthly history — Past 12 months of metrics. Spots seasonal patterns, growth trends.
• Days of month / Days of week / Hours — When traffic actually arrives. Useful for scheduling deploys or maintenance.
• Visitors / hosts — Top IPs by request count. Suspicious hosts (very high counts, often bots) jump out here.
• Countries — Geographic distribution. Validates whether your audience is where you expected.
• Robots/Spiders visitors — Separate section just for bots. Useful to see if Googlebot is crawling actively.
• Pages-URL — Top requested URLs. Shows what content actually drives traffic.
• Operating systems / Browsers — Visitor environment breakdown.
• Connect to site from — Referrers. Where your inbound links come from.
• Search keyphrases — Historical; modern Google hides these mostly, so less useful now.
• HTTP status codes — Important. High 404 rates indicate broken links; 500 rates indicate site errors.

Reports update once daily — they don’t show real-time data. For real-time, use server-level monitoring.

Webalizer — simpler, less detail

Webalizer was once the standard before Awstats. Now mostly redundant. Shows:

• Hits, files, pages, visits, sites, KB per month.
• Same data per day and per hour.
• Top URLs, top user agents, top referring sites.

If you’re using Awstats, Webalizer adds nothing. Some sysadmins prefer Webalizer’s simpler view; most people don’t open it.

Webalizer FTP — for FTP transfer stats

Tracks FTP access to your account specifically. Useful if you offer FTP downloads or want to monitor FTP traffic patterns. Most sites don’t need this.

Raw access logs

cPanel → Metrics → Raw Access. Lets you download the raw web server log files.

Why you’d want raw logs:

• Debugging specific incidents. Find every request from a specific IP. See exactly what an attacker tried.
• Custom analysis. Run logs through GoAccess, Loggly, AWS CloudWatch, or similar.
• Audit trail. Compliance scenarios that require retention.
• SEO analysis. See exactly what crawlers fetched and when.

Enable “Archive Logs” if you need long-term retention; otherwise cPanel rotates them.

Practical reads — what to actually look for

“Why did traffic spike?”

• Awstats → Pages-URL for the day. Top page reveals what got popular.
• Cross-reference with “Connect to site from” — was it a viral referral?
• Check “Robots/Spiders” — sometimes “traffic spikes” are crawl events.

“Why is bandwidth so high?”

• Awstats → Pages-URL sorted by bandwidth. Big files dominating?
• Check for hotlinked images — visitors loading images on other people’s sites.
• Find heavy bots crawling repeatedly.

“Are bots eating my server?”

• Awstats → Visitors / hosts sorted by hits. High-count single IPs usually bots.
• Robots/Spiders section shows known-bot breakdown.
• If problematic, robots.txt restrictions or IP blocking via CSF.

“What 404 errors am I returning?”

• Awstats → HTTP error codes → 404 list. Common bad URLs shown.
• Could be broken links on your site (fix); attacker scans (ignore); or missing images (clean up).

Excluding internal traffic

If you visit your site frequently while working on it, you skew the stats. Some Awstats configurations allow excluding specific IPs:

• Server-level Awstats config sometimes exposes “Skip hosts” lists.
• Per-user customization usually requires shell access — open a ticket if you need this.

For sites with serious analytics needs, log-based tools complement JS analytics rather than replace them.

Common questions

“Awstats numbers don’t match Google Analytics.” Expected. Awstats sees every request including bots, broken images, and asset prefetches. GA sees only JS-executed page views from non-blocking browsers. The ratio varies but Awstats numbers are typically 3-10x higher.

“Reports show old data.” Updates daily, sometimes once a day late. For real-time numbers use other tools.

“No reports for my domain.” Domain may need stats enabled. Check Awstats domain dropdown; if missing, open a ticket — sometimes per-domain stat generation needs activation.

“Logs only go back 30 days.” Default log rotation. Enable “Archive Logs” via cPanel for indefinite retention (uses your disk quota).

What’s next

• Bandwidth and quota issues from heavy traffic: Disk usage.
• Blocking abusive bots: CSF brute force protection.
• For real user behavior data, run a JS analytics in parallel.

The log-based tools won’t replace your modern analytics for understanding users, but they catch what those tools miss: bot traffic, ad-blocked visitors, broken-link patterns, hotlinking. A 10-minute monthly review of Awstats catches issues that JavaScript analytics would never reveal.