I am not sure if we talk about the same 
Nearly first thing written: This needs to be the last two filter rules.
So the port tester only adds IP that do not hit any other open/configured port above.
I have not written anything about Winbox. That is some you need to configure your self.
Tarpit config I have just copied from some else, not my work, and if I do log these setting, it seems to work as intended.
Her are the flow part. RouterOS always apply filter/rule from top to bottom (until it hit some that stops the process)
Top rule (use tarpit/drop) or use top rule block in raw.
Rule a
Rule b
Rule c
Rule d
.
.
(and then final two rules at the bottom of the config)
Second last action. Since IP does not hit any rule above. Add it to the Block list
Last action. Drop the IP and log the action
Next time same IP tries to enter the system, it will be blocked by the firs rule in raw or by the tarpit/drop section in filters.
\
Use Splunk> to log/monitor your MikroTik Router(s). See link below. 