Instead of EX:AM:PL:E0:00:01@wifi1 roamed to EX:AM:PL:E0:00:01@cap-wifi2, signal strength -81
I want: foobar@wifi1 roamed to foobar@cap-wifi2, signal strength -81
Where foobar would be a comment on EX:AM:PL:E0:00:01 via /ip/dhcp-server/lease
Has anyone done something like that? I know you can transform / enrich logs via https://vector.dev/ but that sounds drastic and it seems non-trivial to export /ip/dhcp-server/lease to csv https://vector.dev/highlights/2021-11-18-csv-enrichment/
Strange thing to request, but there are something you can enrich the mac address with is the vendor code translation to vendor name.
I saw somewhere script that does lookup logs for ipsec errors to block undesired connection attempts. You can try and do the same - make a script that looks up for whatever you want, extract MAC from the message, look for dhcp-lease with corresponding MAC, :log info $MAC . $AP with the format you want.
Since what you want is not a common request, I doubt this would be implemented, but with some effort you can make it on your own.