Authentication attempts:
Location : /var/log/secure
Description : Logs all daemons which requires PAM Authentication, it also logs actions performed in cPanel that require privilege escalation..

Tracking all Bad Logins and Logouts:
Location : /var/log/btmp
Description : Log of all attempted bad logins to the system. Accessed via the lastb command..

Tracking all Logins and Logouts:
Location : /var/log/wtmp
Description : The wtmp file records all logins and logouts.

Last Logins:
Location : /var/log/lastlog
Description : Database times of previous user logins. The lastlog file is a database which contains info on the last login of each user.

WebDav or WebDisk Log :
Location : /usr/local/cpanel/logs/cpdavd_error_log
Description : The cpdavd daemon is “WebDav” (better known as “WebDisk”) which was introduced in cPanel 11 to allow users to mount their home directory on their personal computer, always having access to the files and content…

Cphulkd Logs:
Location : /usr/local/cpanel/logs/cphulkd_errors.log
Description : cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by guessing the login password for that service.. It blacklists IPs that it thinks are trying to run a brute force attack.

Failure Logging:
Location : /var/log/faillog
Description : Faillog formats the contents of the failure log from /var/log/faillog database. It also can be used for maintains failure counters and limits. Run faillog without arguments display only list of user faillog records who have ever had a login failure.

Startup/Boot, Kernel & Hardware error messages :
Location : /var/log/dmesg
Description : dmesg is a “window” into the kernels ring-buffer. It’s a message buffer of the kernel. The content of this file is referred to by the dmesg command. It shows bootlog and the hardware errors..