diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/LogIngestionController.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/LogIngestionController.java
index 53443cde..fa2acf68 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/LogIngestionController.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/LogIngestionController.java
@@ -15,6 +15,8 @@ import org.slf4j.LoggerFactory;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.http.converter.HttpMessageNotReadableException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -94,6 +96,14 @@ public class LogIngestionController {
         return ResponseEntity.accepted().build();
     }
 
+    @ExceptionHandler(HttpMessageNotReadableException.class)
+    public ResponseEntity<Void> handleDeserializationError(HttpMessageNotReadableException ex) {
+        String instanceId = extractAgentId();
+        log.warn("Log ingestion from instance={}: failed to deserialize request body: {}",
+                instanceId != null ? instanceId : "unknown", ex.getMostSpecificCause().getMessage());
+        return ResponseEntity.badRequest().build();
+    }
+
     private String extractAgentId() {
         Authentication auth = SecurityContextHolder.getContext().getAuthentication();
         return auth != null ? auth.getName() : null;