if (res == HOSTAPD_ACL_REJECT) {
wpa_printf(MSG_INFO,
"Station " MACSTR " not allowed to authenticate",
MAC2STR(addr));
return HOSTAPD_ACL_REJECT;
}
Can certainly be handled by syslog-ng or another logging system that can filter messages. A priority of "info" is the next one higher than "debug", so seems appropriate to me.
Edit: It may be possible to change the default logger to only show "notice" and higher, but I haven't found coherent documentation on how to do so. That assumes that there is nothing at "info" level of interest from other loggers.