Lots of wlceventd_proc_event auth dauth_ind messages in log

ragnaroknroll · Jun 25, 2022

I have an RT-AX86U main router running Asuswrt Merlin v386.7, which in turn connects to an RT-AC86U AiMesh node running Asuswrt v3.0.0.4.386_48260-gd4c241c. I have recently observed a number of strange wlceventd_proc_event messages filling up my system log, referring to a strange <mac_address>, which I cannot identify, and does not seem to belong to any of my devices. Could anyone please let me know if this is some kind of external brute force attack on my wireless network? Thanks!

Code:

Jun 25 17:50:08 wlceventd: wlceventd_proc_event(505): wl0.2: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:08 wlceventd: wlceventd_proc_event(505): wl0.1: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:08 wlceventd: wlceventd_proc_event(469): wl0.2: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:08 wlceventd: wlceventd_proc_event(469): wl0.1: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:08 wlceventd: wlceventd_proc_event(505): wl0.1: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(469): wl0.1: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(505): eth6: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(469): eth6: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(505): eth6: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(469): eth6: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(505): eth6: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(469): eth6: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(505): eth6: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(469): eth6: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(505): wl0.2: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(469): wl0.2: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:09 wlceventd: wlceventd_proc_event(505): wl0.2: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:11 wlceventd: wlceventd_proc_event(469): wl0.2: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:11 wlceventd: wlceventd_proc_event(505): eth6: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:11 wlceventd: wlceventd_proc_event(469): eth6: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:11 wlceventd: wlceventd_proc_event(505): eth6: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:11 wlceventd: wlceventd_proc_event(469): eth6: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:11 wlceventd: wlceventd_proc_event(505): eth6: Auth <mac_address>, status: Successful (0)
Jun 25 17:50:11 wlceventd: wlceventd_proc_event(469): eth6: Deauth_ind <mac_address>, status: 0, reason: Unspecified reason (1)
Jun 25 17:50:11 wlceventd: wlceventd_proc_event(505): eth6: Auth <mac_address>, status: Successful (0)

kernol · Jun 25, 2022

"wlceventd" log entries have been covered in countless threads on these forums. Try a search and you'll see for yourself.

Best solution in my view is to install "scribe" addon from item 5 on the amtm menu built into the firmware.
This will allow all these wlceventd log entries to gather in a separate log file - which, with the uiScribe addon, means you can safely ignore them while enjoying a cleaner Messages log.

ragnaroknroll · Jun 25, 2022

Sorry, my bad. I did search the SNB Forums, but didn't find a thread relevant to my situation. Maybe I didn't look hard enough. But thanks nonetheless for your response. I assume this is nothing to worry about.

L&LD · Jun 25, 2022

Be sure to use Better Search at the top of the page, much more relevant results will be shown.

Advanced search results | SmallNetBuilder Forums (snbforums.com)

HPDeskjet · Mar 30, 2025

I've done a search for this too. Search only comes up with this thread.

I'm having the same problem with my RT-BE88U Asus router with the latest Asuswrt-Merlin firmware. These wlceventd_proc_event messages are now appearing up to 7400 times a day in my log. The mac address stated in the logs does not belong to anything I have on my network.

I can find no solution to this, either here or on the internet. Anyone any ideas?

Ripshod · Mar 30, 2025

Will MAC filters not block this device?
I do like the scribe solution, but by filtering all wlceventd events in the log It would remove a lot of valid messages. Perhaps inclue the MAC address in the filter?

HPDeskjet · Mar 31, 2025

Thanks for the replies. Blocking the mac address in wifi settings had no effect. I've used the following to get rid of the log flooding with:

Severity level set to 5 instead of the default 6 with SSH commands:

nvram get log_level
nvram set log_level=5
nvram commit

Then, rebooted the router.

Search

Search

Lots of wlceventd_proc_event auth dauth_ind messages in log

ragnaroknroll

Regular Contributor

kernol

Very Senior Member

ragnaroknroll

Regular Contributor

L&LD

Part of the Furniture

HPDeskjet

New Around Here

Ripshod

Very Senior Member

HPDeskjet

New Around Here

Similar threads

Latest threads

Support SNBForums w/ Amazon

Sign Up For SNBForums Daily Digest

Staff online

Members online