There's a WARN message that's showing up in waae_webservices.log, every 60 seconds.

2026-02-23 07:10:26,186 [https-jsse-nio-9443-exec-9] WARN  com.ca.waae.ws.security.filter.AbstractAuthenticationValve(82) - Authentication failed via scheme Basic: Basic authentication credentials required.. URI: /

webserver's access log shows messages like:

##.##.##.## - - [23/Feb/2026:11:05:17 -0500] "GET / HTTP/1.1" 401 -
##.##.##.## - - [23/Feb/2026:11:06:17 -0500] "GET / HTTP/1.1" 401 -

• F5 Load Balancer was configured with a health check probe against AEWS, every 60 seconds.   It was configured with a send string like:

GET / HTTP/1.1\r\nHost: AEWS-hostname.example.com:9443r\nConnection: Close\r\n\r\n"

• The probe did not have any credentials configured with it, so, F5 is just doing an anonymous connect, web server rejects it on authentication layer resulting in the 401 error
  
  
• But in addition, the WARN message gets displayed in waae_webservices.log

1. The warning (in the waae_webservices.log) can be prevented by introducing a change to $AUTOUSER/log4j.xml  file.
2. Make a copy of the original file and edit the original file

3. Search for an entry that looks like below:
   <!-- Security Logging -->
           <Logger level="WARN" name="com.ca.waae.security"/>

4. Add a new entry below the above:
   <!-- ws security logging -->
           <Logger level="ERROR" name="com.ca.waae.ws.security"/>
   
   
5. Save the file and restart webserver and retest.

Note: The waae_webservices.log should not show that WARN message anymore,  but your access logs will still show  401  error  because, as the probe is not passing a valid user/pass. If proper validation of authentication/authorization and validation of data is needed, the probe could use a valid AEWS anchor with a valid use case. Example:  https://AEWS-host.example.com:9443/AEWS/machine/test-machine   then parse out the output to make sure valid content shows. This way, authentication, authorization as well as data is validated by the probe.