This is working as designed, not a defect.
Release : 9.4
Component : API GATEWAY
The message "com.l7tech.server.policy.assertion.ServerAuditDetailAssertion: -4: error: invalid_request, error_description: Access token does not exist (expired, revoked, replaced, unknown, ...). access_token=..." won't be recorded by the "OTK Require OAuth 2.0 Token" assertion when no access_token is passed.
The purpose of the "Custom Error Response" assertion isn't logging, it was just triggered by the event "status 600 (Assertion Falsified)".