API Gateway: How to see Tomcat logs when Clients are receiving Error 400 Bad Request response, no entries in SSG logs.

book

Article ID: 101845

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

This article will discuss how to enable Tomcat logging in the API Gateway. Tomcat is a third-party library used for handling all HTTP requests on the API Gateway. At times, clients sending a message to the API Gateway may receive a response back as "HTTP 400" status code, or more often known as "Bad Request". It is often difficult to understand why the client is receiving a Bad Request response, especially when there are no entries for their request in the SSG log files. 

Cause

Logs for the Tomcat (and Coyote) third-party libraries are disabled by default in the API Gateway.

Environment

This article applies to all supported API Gateway versions.

Resolution

How to add Tomcat logging to the SSG logs: 

  1. Go to Tasks > Logging and Auditing > Manage Log/Audit Sinks > ssg > Properties. Set the Severity Threshold to FINE.
  2. Go to Tasks > Global Settings > Manage Cluster Wide Properties > Add a new CWP called log.levels or modify the existing one if you've already used this in the environment.
    1. Modify the value of "com.l7tech.level = FINE" and add new value "org.apache.coyote.http11.Http11Processor.level = FINE".

Once completed, the following error can be observed in the Gateway SSG logs, as an example:

org.apache.coyote.http11.Http11Processor: Error parsing HTTP request header java.lang.IllegalArgumentException: Request header is too large ...

Additional Information

It is recommended to only do the above when troubleshooting and then disabling the Tomcat logs again afterwards. The reason for this is enabling these Tomcat logs can create a lot of extra logging which in-turn creates a lot of extra overhead which will often have a negative impact in performance, especially in an actively used production environment.