Hello. I like to monitor number of new connections per day per IP address and if some limit will be reached, I want add IP address to address list. I don’t know how to do counter of new connections, probably I need some script, but I can’t find any example. Thank you for help.
I think you can do it this way.
Add logging for default nat rule (inside to outside nat)
Then send all log to a Syslog server like Splunk.
In Splunk you can create an alert for any thing you like.
It could easy count anything you like and you could set a limit.
Then Splunk can send you an email report every day if alert is trigged.
The only thing that is negative with this is that you need to pay for a valid Splunk license.
Free version of Splunk removes alert (and some other stuff)