Error message in logs has sensitive information
Article ID: 187561
Updated On:
Products
CA API Gateway
Issue/Introduction
We are seeing the following error message in our logs:
2020-02-19T00:26:39.367+0100 WARNING 470 com.l7tech.message.HttpServletRequestKnob: Ignoring form parameters due to invalid content Invalid character in '8f k9dya'; '8f k9dya=x&grant_type=client_credentials&client_id=<SOMEVALUE>&client_secret=<Some Other VALUE>'
We dont want sensitive info (such as client_secret) showing in our logs.
Environment
Release : 9.x 10.x 11.x
Component : API GTW ENTERPRISE MANAGER
Resolution
IF the message is showing package,
com.l7tech.message.HttpServletRequestKnob
Then You can add this into your clusterwide properties.
Policy Manager -> Tasks -> global settings -> Clusterwide properties
Add com.l7tech.message.HttpServletRequestKnob.level = SEVERE to the log.levels cluster-wide properties.
Add com.l7tech.message.HttpServletRequestKnob.level = SEVERE to the log.levels cluster-wide properties.
Feedback
Yes
No
Powered by
