keep apache access log for 30 days
By default cpanel server rotate access log every 24 hours. IF a site hacked x days ago, you have no access log to investigate.
For all newely created accounts keep 30 days of access long in /home/user/logs/ folder, do
Enable for Existing Site
Change ownership of the file
chown USERNAME:USERNAME /home/USERNAME/.cpanel-logs