Viewing logs
SuperSpace keeps several kinds of logs for a site: the CDN's edge access logs, your site's web-server access and error logs, and Shield security events. Most are viewable right in the dashboard, and you can also read the raw Nginx log files directly over SFTP/SSH.
| Log | Answers | Where to find it |
|---|---|---|
| CDN access logs | Which requests the CDN served, cache hit/miss, status codes, and where visitors came from | Log Viewer → CDN Logs tab |
| Error logs | Web-server and PHP errors on your site (5xx responses, fatal errors) | Log Viewer → Error Logs tab, or logs/error.log |
| Access logs | Every request your site's web server handled | Log Viewer → Access Logs tab, or logs/access.log |
| Shield security events | What Shield blocked, challenged, or logged (WAF, bots, rate limits) | Shield → Security Events |
Before you start
- A site that has finished provisioning and shows status ONLINE.
- Permission to edit the site — log viewing, like file access, is available to users who can edit the site.
- CDN access logs require the CDN to be active on the site, and Security Events require Shield to be included in your plan. The other logs are always available.
The Log Viewer (dashboard)
In the site's left sidebar, open the Analytics & Logs menu and choose Log Viewer. The page has three tabs: CDN Logs, Error Logs, and Access Logs.
A time-range control at the top right — Last hour, Last 6 hours, Last 24 hours (the default), and Last 3 days — drives the CDN summary and table.
CDN Logs
The CDN Logs tab shows requests served by the CDN at the edge. Above the table, a summary strip of cards reports Total Requests, Cache Hit Rate, 4xx Errors, and 5xx Errors, along with status- and cache-status distributions and the top URLs, countries, and IPs.
Filter the table with the Status (e.g. 404), Cache (e.g. HIT / MISS),
Country (e.g. US), and URL contains fields, then click Apply
(Reset clears them). Each row is a single request, with columns for Timestamp,
Cache, Code, Remote IP, Country, Edge Location, URL, User Agent, Request ID, JA4
Fingerprint, and ASN.
What to expect from CDN logs
- Retention is 3 days. Choosing a wider range returns "That time range is too large." The CDN keeps at most three days of logs.
- Visitor IPs are anonymized — the last octet is zeroed, so addresses end in .0. That's expected, not a bug.
- The summary can lag the table. The four headline cards are real window-wide totals (and can be up to about an hour behind), while the distributions and "top" lists are computed from a sample of the most recent requests — so they won't always add up to the headline numbers.
- If the CDN isn't active on the site, this tab shows "CDN logging is not active for this site." See Manage edge rules for the CDN.
Error Logs and Access Logs
The Error Logs and Access Logs tabs show your site's web-server (Nginx)
error and access logs, read from the site container. These are the same
logs as the error.log and access.log files on the volume (see
Reading the raw log files below) — the tabs are just a
quick, in-dashboard view of the most recent entries.
The Error Logs tab is the first place to look when a page returns a 500 or a
plugin misbehaves. If there's nothing for the current day, it shows "No origin
error logs found for today."
Shield security events
If your plan includes Shield, its event log lives on its own page. In the sidebar, open the Shield menu and choose Security Events (the page is titled Shield Security Events).
Pick a day with the Date picker (it defaults to today). Each row is one action Shield took, with these columns:
| Column | What it shows |
|---|---|
| Time | When the event occurred |
| Severity | Critical, Warning, or Notice |
| Rule ID | The Shield/WAF rule that matched |
| Country | Origin country of the request |
| Method | HTTP method (GET, POST, …) |
| Status | HTTP status code returned |
If Shield logged nothing for the chosen day, you'll see "No security events recorded for this date." For tuning what Shield does, see the Shield guides.
Reading the raw log files
Your site's full Nginx logs live in the logs/ directory at the root of the
site's volume:
/home/sftpuser/apps/{{ container name }}/wordpress/logs/
It contains access.log (every request) and error.log (web-server and PHP
errors). These are the complete files — useful when you need more history than the
dashboard tabs show, or want to search or tail -f them live.
Reach them with any file-access method — SFTP, SSH, the File Manager, or Cloud Shell. See Accessing your files for how to connect. From an SSH or Cloud Shell session:
# Your shell starts in /home/sftpuser; there's one app directory per site.
cd apps/*/wordpress/logs
tail -n 100 error.log # the last 100 error-log lines
tail -f access.log # follow requests live — press Ctrl-C to stop
grep " 500 " access.log # find requests that returned a 500
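The grep " 500 " search above also matches any request whose response body happened to be 500 bytes. As an added example (not part of SuperSpace's documentation or tooling), the shell function below reads the status code from its own field and groups the matches by client IP and path. It assumes access.log uses Nginx's default combined format; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SuperSpace tooling. Assumes Nginx's default "combined" format:
#   ip - user [time] "METHOD /path PROTO" status bytes "referer" "user-agent"

# status_summary CLASS [FILE...]
# Print "count status client-ip path" for each request whose status code starts
# with CLASS (5 for 5xx, 4 for 4xx), most frequent first. Reads stdin if no FILE.
status_summary() {
    want=$1; shift
    awk -v want="$want" '
    {
        # Split on double quotes: q[2] is the request line and q[3] holds
        # " status bytes ", so a 500-byte body is never read as a status.
        if (split($0, q, "\"") < 3) next          # not a combined-format line
        split(q[1], pre, " ")
        split(q[3], post, " ")
        status = post[1]
        if (status !~ /^[0-9][0-9][0-9]$/ || substr(status, 1, 1) != want) next
        # Empty or garbage request lines (scanners, TLS sent to port 80) have no path.
        path = (split(q[2], req, " ") >= 2) ? req[2] : "-"
        hits[status " " pre[1] " " path]++
    }
    END { for (k in hits) print hits[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample lines (documentation IP ranges), not real traffic.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [12/May/2025:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 500 1532 "-" "curl/8.5.0"
203.0.113.7 - - [12/May/2025:10:01:03 +0000] "GET /wp-login.php HTTP/1.1" 500 1532 "-" "curl/8.5.0"
198.51.100.9 - - [12/May/2025:10:01:04 +0000] "GET /img/logo.png HTTP/1.1" 200 500 "-" "Mozilla/5.0"
198.51.100.9 - - [12/May/2025:10:01:06 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 502 150 "-" "Mozilla/5.0"
192.0.2.44 - - [12/May/2025:10:01:07 +0000] "" 400 0 "-" "-"
EOF
}

# Demo on the sample; on a real site run: status_summary 5 access.log
sample_log | status_summary 5
```

A single client and path dominating the 5xx list usually points at one broken plugin endpoint or one noisy scanner, which is quicker to spot here than in raw grep output.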
Reading logs over the API
Two of these logs are also available through the REST API:
- CDN access logs — GET /api/sites/:site_id/logs/cdn (and …/logs/cdn/summary). Supports the same status, cache_status, country, and url_contains filters as the dashboard, plus a period of 1h / 6h / 24h / 72h. Requires the CDN to be active (409 cdn_not_active). See CDN, Cache & Logs.
- Shield security events — GET /api/sites/:site_id/shield/events for a given date (MM-DD-YYYY). See Shield.
curl -H "Authorization: Bearer $SUPERSPACE_TOKEN" -H "X-Auth-Account: $ACCOUNT_ID" \
"https://control.superspace.nl/api/sites/$SITE_ID/logs/cdn?period=24h&status=404"
Related reading
- Accessing your files — SFTP, SSH, the File Manager, and Cloud Shell.
- Custom server configuration — where the Nginx log paths are set (and how to override them).
- Manage edge rules and the Shield guides — the CDN and security layers these logs come from.