extended POSTFIX_TLSCONN for a higher smtpd_tls_loglevel

[ulab]

Postfix 3.5.23 on a Debian 11.8 with smtpd_tls_loglevel set to 1.

Of course I noticed that the reason for the failed pattern was because I increased the default loglevel after I had extended the pattern and added a test file. But maybe the extra data will help someone else too.

If not it might be an idea to have some %{GREEDYDATA} at the end of POSTFIX_TLSCONN so at least extended lines do not fail the basic pattern?

[whyscream]

Hi @ulab ,

I never noticed this difference, because I don't use the increased TLS loglevel. Nice catch!
I'm going to merge this PR, but I'll update the newly added keys to use underscores in stead of dashes, because this matches the existing formatting better.

[ulab]

I had used the dashes because the log message used it and fields like postfix_message-id still has a dash too.

It's not like a divider between subfields in that case.

[which should be changed to . anyway like the more modern ECS variants do… ;)]

[whyscream]

Ah yes, those fields come from the automatically parsed key-value-data indeed. I created issue #191 about ECS-style field naming.