Feature Request - Add regex filter in system log

[dineshgyl]

Hi,

I am using - RT-AX86U Pro 3006.102.6

I have lot of devices and every now and then I get below messages from my IOT devices. I am just showing snipped but there messages come from all the other MAC address as well. This floods the syslog and also causes lot of wear/tear of NAND.

I think this is controlled via klod/syslogd

wlceventd: wlceventd_proc_event(645): eth6: Deauth_ind 2C:AF:AE:55:D1:55, status: 0, reason: Unspecified reason (1), rssi:0

wlceventd: wlceventd_proc_event(685): eth6: Auth 2C:AF:AE:55:D1:55, status: Successful (0), rssi:0

wlceventd: wlceventd_proc_event(645): eth6: Deauth_ind 2C:AF:AE:55:D1:55, status: 0, reason: Unspecified reason (1), rssi:0

wlceventd: wlceventd_proc_event(685): eth6: Auth 2C:AF:AE:55:D1:55, status: Successful (0), rssi:0

wlceventd: wlceventd_proc_event(645): eth6: Deauth_ind 2C:AF:AE:55:D1:55, status: 0, reason: Unspecified reason (1), rssi:0

wlceventd: wlceventd_proc_event(685): eth6: Auth 2C:AF:AE:55:D1:55, status: Successful (0), rssi:0

wlceventd: wlceventd_proc_event(722): eth6: Assoc 2C:AF:AE:55:D1:55, status: Successful (0), rssi:-45

wlceventd: wlceventd_proc_event(722): eth6: Assoc 2C:AF:AE:55:D1:55, status: Successful (0), rssi:-46

wlceventd: wlceventd_proc_event(645): eth6: Deauth_ind 2C:AF:AE:55:D1:55, status: 0, reason: 4-way handshake timeout (f), rssi:-46

wlceventd: wlceventd_proc_event(645): eth6: Deauth_ind 2C:AF:AE:55:D1:55, status: 0, reason: 4-way handshake timeout (f), rssi:-46

I think it would be good idea to add a regex filter which would allow us to filter wlceventd messages. Idea is not to log those messages in the /jffs/syslog.log

Right now because of this, I have to set the Log Only messages more urgent than Notice which filters all the other notice messages. Yesterday I had an internet outage (https://www.snbforums.com/threads/router-suddenly-loose-internet.96504/#post-980616) and I could not find any useful log entries because of this notice filter. May be there was some notice message which would have indicated what happened.

I think its controlled by these two processes not sure though. May be another command line option is needed to this utility to the filter?

29174 root 3324 S    /sbin/syslogd -m 0 -S -O /jffs/syslog.log -s 1024 -l 5 -R X.Y.Z.A:514 -L -H RT86U
29176 root  3324 S    /sbin/klogd -c 5

I think this can be done via scribe too but I dont want to install Entware/Attach a USB drive to router. Want to keep things simple.

I am sure a lot of users would like to have something like this.

 

[ColinTaylor]

See this thread:

[Beta] ModSyslogUI - seeking code reviewers and beta testers

Long time user of Auswrt-Merlin and benefactor of numerous addons. First time attempt at contributing back to the community - be kind as I learn to work with Github. Code reviewer feedback and suggestions requested - https://github.com/kstamand/modsyslogui/tree/v1.0.0-beta1 ModSyslogUI -...

www.snbforums.com

This floods the syslog and also causes lot of wear/tear of NAND.

Whilst annoying it doesn't really cause any particularly concerning "wear and tear" on the NAND because of the caching being used by the firmware.

I think it would be good idea to add a regex filter which would allow us to filter wlceventd messages. Idea is not to log those messages in the /jffs/syslog.log

As the following post notes, it doesn't reduce the logging to jffs only what's displayed in the webUI.

 

[dave14305]

Such a filter would only limit what is displayed, not what is written to the syslog.log.

 

[Ripshod]

You're running merlin firmware so take a look at the scribe and uiScribe addons. You can split the syslog into seperate log files, so you could have a seperate logfile for wlceventd, which actually exists by default on first installation. You can even set a filter to just block certain messages, such as the long existing and heavily used dstentry.

 

[Maverickcdn]

I have a startup script that kills the wlceventd process at boot, it isn't necessary for wireless to function, its essentially troubleshooting/diagnostic information

 

[aru]

You can try using Scribe addon together with uiScribe. They’re very practical for categorizing and organizing system logs, making them much more intuitive and easier to review.

 

[elorimer]

The OP knows about scribe and specifically didn't want to add Entware.

 

[ColinTaylor]

I think this can be done via scribe too but I dont want to install Entware/Attach a USB drive to router. Want to keep things simple.

You're running merlin firmware so take a look at the scribe and uiScribe addons.

You can try using Scribe addon together with uiScribe.

 

[dave14305]

uiScribe - uiScribe v1.4.10 [2025-Dec-22] - Custom System Log WebUI page for Scribe (syslog-ng) logs

Release Notes for uiScribe v1.4.7 production version now available [2025-Jul-05] 1) FIXED: Errors when loading the WebUI page on the 3006.102.x F/W version. 2) FIXED: Issue with "missing scrollbar" on browser windows when the WebUI page was loaded on the 3004.386.14.* F/W version. 3)...

www.snbforums.com

I installed Scribe and UiScribe today for the 1st time.

 

[JGrana]

I have a startup script that kills the wlceventd process at boot, it isn't necessary for wireless to function, its essentially troubleshooting/diagnostic information

Interesting. Does it stay dead? Asus has some daemon that watches certain processes and restarts if they “go away”.

 

[Maverickcdn]

Interesting. Does it stay dead? Asus has some daemon that watches certain processes and restarts if they “go away”.

Yes. My understanding is the ASUS services watchdog only monitors essential router services. You only need to kill wlceventd after its started on boot

Edit: sorry, I also have it hooked to a script I use so when wireless is restarted for whatever reason it will restart wlceventd so my kill script needs to be ran again, you could use a cron entry to continually check if its running