This topic describes common symptoms observed in log aggregation and provides guidance on what to investigate. Use this information to quickly identify and resolve issues in your logging pipeline.
Symptom Investigate
Sudden spike in rate_limit denies Misconfigured max_requests_per_second or a runaway client loop
Missing audit events Rate limiting disabled or client IDs not set
High duration_ms Downstream API slowness, token exchange latency, or TLS handshakes
Log volume explosion Payload logging accidentally enabled with large responses

Quick verification commands

You can use the following example commands to confirm the presence of structured logs and to check for rate limit denies. These commands help validate the health of the logging pipeline:
  • The following command displays the last 20 log entries:
    ./mcpgen logs <profile_name> --tail=20
  • The following command counts the number of rate limit denies in the last 500 log entries:
    ./mcpgen logs <profile_name> --tail=500 | grep '"category":"rate_limit"' | grep '"status":"deny"' | wc -l
  • The following command scans the last 500 log entries and filters for audit events. Audit logs provide visibility into tool invocations and rate limiting actions.
    ./mcpgen logs <profile_name> --tail=500 | grep '"logger":"audit"'
  • The following command counts the number of response guard actions in the last 500 log entries. Use it to monitor trimming, blocking, or warning events for large responses.
    ./mcpgen logs <profile_name> --tail=500 | grep '"logger":"response_guard"' | wc -l
  • The following command checks whether per-tool context annotations have been applied. It helps confirm that OpenAPI visibility settings are working as expected.
    ./mcpgen logs <profile_name> --tail=500 | grep 'Visibility: added per-tool context'