When reviewing the SSG log you may notice access tokens are being logged in clear text, for example:

 

20180726 13:16:53.822

INFO

-4

error: invalid_request, error_description: Access token does not exist (expired, revoked, replaced, unknown, ...). access_token='e62d0e32-096e-424d-a29e-bf76d9857e8d'

Release:
Component: APIGTW

This entry is only logged for expired or revoked tokens. No active tokens will be logged on the system.
To avoid these being logged you can set the below cluster wide property:

Open Policy Manager
1) Navigate to Tasks -> Global Settings -> Manager Cluster-Wide Properties
2) Add the below property name and value:

name: audit.detailThreshold 
value: WARNING