DEV Community

Cover image for Debugging LLM Failures with Gateway Logs
Artem Bondarenko
Artem Bondarenko

Posted on

Debugging LLM Failures with Gateway Logs

Debugging LLM Failures with Gateway Logs

Analyzing structured logs from an AI gateway like Bifrost is a systematic way to debug LLM failures, from provider outages to subtle prompt-level errors, by providing a centralized, standardized view of every request and response.

Application failures are difficult to debug, but failures in applications that use large language models (LLMs) introduce new kinds of complexity. Issues can originate from the local application code, network conditions, the LLM provider's API, or the model's own non-deterministic output. An AI gateway, which centralizes all LLM traffic, creates a critical control point for observability and debugging. By examining the detailed, structured logs from a gateway like Bifrost, an open-source AI gateway from Maxim AI, engineering teams can systematically diagnose and resolve these failures.

Understanding Common LLM Failure Modes

Before debugging, it is useful to categorize the types of failures that occur in LLM-powered applications. They generally fall into a few key buckets.

  • Provider and Network Errors: These are the most straightforward failures. They include standard HTTP errors like 429 Too Many Requests, 500 Internal Server Error, and 503 Service Unavailable. These can be caused by exceeding rate limits, temporary provider outages, or network connectivity problems between the application and the API.
  • API and Configuration Errors: This category includes 401 Unauthorized errors from invalid API keys, 400 Bad Request errors from malformed JSON or invalid parameters, and 404 Not Found errors when specifying a model that does not exist or is not available to the user's account.
  • Model-Specific Errors: Sometimes, the provider's API is reachable, but the model itself rejects the prompt. This can happen due to content safety filters, prompts that are too long for the model's context window, or other model-specific constraints. These errors often return a 400 status code but with a specific error message in the response body detailing the issue.
  • Performance Degradation: These are not outright errors but are still failures from a user-experience perspective. They include high latency (slow responses) or a drop in the quality of the model's output. The latter, known as "model drift," can be difficult to detect without consistent evaluation.
  • Non-Deterministic or "Bad" Outputs: The most complex failures involve the model returning a syntactically valid response that is factually incorrect, logically flawed, or unhelpful. This is not an "error" in the traditional sense, but a failure of the application to achieve its goal.

The Role of Gateway Logs in Debugging

An AI gateway sits between an application and the various LLM providers, intercepting every request and response. This central position makes its logs the single source of truth for debugging. Without a gateway, an engineer might need to check application logs, orchestrator logs, and individual provider status pages to piece together what happened. A gateway with detailed observability provides a unified, structured record.

Well-structured gateway logs should capture:

  • Timestamps: Precise start and end times for every stage of the request.
  • Request Details: The full prompt, model requested, temperature, and other parameters.
  • Provider Information: Which provider and specific API key was used.
  • Response Details: The full model response, status codes, and any error messages.
  • Performance Metrics: Latency (time to first token and total time), token counts (prompt and completion).
  • Contextual Metadata: Information from the gateway itself, such as which virtual key was used or whether a semantic cache hit occurred.

A magnifying glass hovering over a complex, interconnected network of light trails, focusing on a single broken connecti

A Workflow for Debugging with Bifrost Logs

Bifrost emits structured logs that can be exported to various observability platforms. It offers native integration for Prometheus and OpenTelemetry (OTLP), allowing teams to pipe logs and traces into systems like Grafana, Datadog, or Honeycomb.

Here is a typical workflow for debugging an issue using Bifrost's logs.

1. Isolate the Failing Request

Start by identifying a specific failed request. This might come from a user report, an alert from a monitoring system, or by observing a spike in error rates on a dashboard. Key identifiers are a trace ID, user ID, or a timestamp. In Bifrost, this can often be traced back to the specific virtual key that made the request.

2. Check the Gateway Status Code and Latency

Once the log entry is located, the first place to look is the HTTP status code.

  • 5xx Errors: A 503 or 500 status from the gateway indicates a provider-side problem. The log will show which provider failed. A key feature of a gateway like Bifrost is its ability to provide automatic fallbacks, so the log might show a failed attempt to one provider followed by a successful request to another.
  • 4xx Errors: A 429 error points to a rate-limiting issue. Bifrost's logs, combined with its budget and rate limit features, can confirm which limit was hit. A 401 or 403 indicates an authentication problem with the underlying API key.
  • 200 OK with High Latency: If the status is 200 but the request was slow, the log's timing data is critical. High time_to_first_token can indicate the model is under heavy load.

3. Analyze the Request and Response Bodies

If the status code does not reveal the problem, the next step is to inspect the request and response payloads, which are captured in the logs.

  • Request Payload: Check if the prompt contains unexpected characters, is formatted incorrectly, or exceeds the context length.
  • Response Payload: For 400 errors, the response body from the provider usually contains a detailed message. For example, OpenAI will return a specific error type like invalid_request_error and a human-readable message explaining that a prompt was rejected by a content filter.

4. Replicate the Issue

Using the detailed information from the log—the exact prompt, model, and parameters—the developer can replicate the failure consistently. This can be done via a cURL command, a script, or within a testing environment. Reproducing the error is a critical step before attempting a fix.

For example, a log might show a request to an Anthropic model failed. The developer could reconstruct the API call from the log data:

# Example cURL command reconstructed from gateway log details
curl https://api.anthropic.com/v1/messages \
     -H "x-api-key: $ANTHROPIC_API_KEY" \
     -H "anthropic-version: 2023-06-01" \
     -H "content-type: application/json" \
     -d '{
            "model": "claude-3-opus-20240229",
            "max_tokens": 1024,
            "messages": [
                {"role": "user", "content": "Tell me a joke."}
            ]
        }'
Enter fullscreen mode Exit fullscreen mode

5. Correlate with Broader Trends

A single failed request might be an anomaly. The real power of centralized logging comes from aggregation. By querying logs across a time window, teams can answer questions like:

  • Is a specific model from one provider showing elevated latency?
  • Are all requests using a particular virtual key failing?
  • Is there a sudden spike in 429 errors across all OpenAI models, suggesting a global rate limit was hit?

This broader view helps distinguish between isolated bugs and systemic platform issues. The Bifrost AI gateway provides the data necessary to perform this kind of analysis, especially when connected to a full-featured observability platform.

An abstract control room with holographic displays showing flowing data streams and highlighting anomalies in the patter

Advanced Debugging and Prevention

Beyond reactive debugging, gateway logs are essential for proactive failure prevention.

  • Setting Up Alerts: Configure alerts based on log data. For example, create an alert if the percentage of non-200 status codes from any provider exceeds a threshold, or if average latency for a specific model climbs.
  • Governance and Security: Detailed logs are the foundation for security and compliance. Bifrost's audit logs provide an immutable record of all requests, which is crucial for regulated industries. This same data can be used to detect anomalous usage patterns. Furthermore, Bifrost's gateway-level governance and security controls can be extended to the endpoint with Bifrost Edge, ensuring that traffic from desktop apps and CLI tools on employee machines is also logged and auditable through the central gateway.
  • Performance Benchmarking: Use aggregated log data to establish performance baselines for different models and providers. This makes it easier to spot regressions after a code change or when a provider's performance degrades. The benchmarks provided by gateway developers can offer a starting point.

By treating gateway logs as a primary diagnostic tool, teams can move from treating LLM failures as unpredictable events to viewing them as solvable engineering problems. The centralized, standardized data from a gateway provides the necessary visibility to debug systematically and build more resilient AI applications. Teams evaluating AI gateways can request a Bifrost demo or review the open-source repo.

Top comments (0)