search cancel

Error message in logs has sensitive information

book

Article ID: 187561

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

We are seeing the following error message in our logs:

2020-02-19T00:26:39.367+0100 WARNING 470 com.l7tech.message.HttpServletRequestKnob: Ignoring form parameters due to invalid content Invalid character in '8f k9dya'; '8f k9dya=x&grant_type=client_credentials&client_id=<SOMEVALUE>&client_secret=<Some Other VALUE>'

We dont want sensitive info (such as client_secret) showing in our logs.   


Environment

Release : 9.2

Component : API GTW ENTERPRISE MANAGER

Resolution

IF the message is showing package,
 
com.l7tech.message.HttpServletRequestKnob
 
Then You can add this into your clusterwide properties.
Policy Manager -> Tasks -> global settings -> Clusterwide properties

Add com.l7tech.message.HttpServletRequestKnob.level = SEVERE to the log.levels cluster-wide properties.