To best understand why these logs occur please see below:
Q.) How does the auth header work, who requests this header, and why?
A.) The PubSub API that we use to submit batches of logs requires clients to authenticate with these auth headers. That means that clients have to include this auth header field in the HTTP request, and then the data contained in the payload will be processed by the API, otherwise, the data submitted, will be rejected by the API. The pubsub destination code on the syslog-ng side has to take care of managing its auth headers, and request new ones if the currently used one becomes invalid due to aging out.
Q.) When is an auth header renewed? After every batch or after a certain amount of time?
A.) Syslog-ng's code will notice if the PubSub API rejects the data submitted to it. This usually means that the old token/auth header has become invalid, and then syslog-ng will request a new one from the PubSub API, and will then retry sending the data that was rejected earlier (but this time with the new auth header value).
Q.) Can these logs be filtered out?
A.) These logs server as an important debugging feature, therefore these logs shouldn't be filtered out/dropped. These logs can be redirected to a different destination such as a local file, however, support may need these logs for troubleshooting.