g21
newbie
Topic Author
Posts: 25
Joined: Thu Apr 01, 2021 2:25 pm

firewall help

Thu Jan 19, 2023 8:23 pm

I want to see all blocked ip that firewall drop and maybe add them to a dynamic address list .

or with another way.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10223
Joined: Mon Jun 08, 2015 12:09 pm

Re: firewall help

Thu Jan 19, 2023 9:07 pm

 
g21
newbie
Topic Author
Posts: 25
Joined: Thu Apr 01, 2021 2:25 pm

Re: firewall help

Thu Jan 19, 2023 9:31 pm

I don't understand how this helps me, thanks.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10223
Joined: Mon Jun 08, 2015 12:09 pm

Re: firewall help

Thu Jan 19, 2023 9:43 pm

In that case I would advise you not to try things like that until you have a better understanding how it works and what the risks are!
 
anav
Forum Guru
Forum Guru
Posts: 19325
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: firewall help

Thu Jan 19, 2023 9:49 pm

Why, a huge waste of time.
All you need is..

/ip firewall filter
# input chain
# (default rules)
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# (user rules - what traffic should be allowed)
# ***** see note below
add action=accept chain=input in-interface-list=LAN
add action=drop chain=input comment="drop all else"
# forward chain
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# (user rules - what traffic should be allowed)
add action=accept chain=forward comment="allow internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="allow port forwarding" connection-nat-state=dstnat
add action=drop chain=forward comment="drop all else"

***** Typically one has a single trusted subnet (not used for guests, media, IoT etc.), but the rule above allows traffic from all subnets, for initial connectivity to router services and to configure the router. Better to split this: router services for everyone and ONLY the admin to configure the router! Thus the rule should be replaced with the following three rules:
# these replace the LAN accept rule in the input chain (traffic to the router itself, so chain=input)
add action=accept chain=input src-address-list=Authorized
add action=accept chain=input dst-port=53 protocol=tcp in-interface-list=LAN
add action=accept chain=input dst-port=53,123 protocol=udp in-interface-list=LAN
(NTP is UDP 123; drop port 123 if NTP is not a service provided)

Where Authorized is a firewall address list comprised of (nominally) the following:
add address=IPofadmin1 list=Authorized comment="desktop"
add address=IPofadmin2 list=Authorized comment="laptop wifi"
add address=IPofadmin3 list=Authorized comment="iPad/iPhone wifi"
add address=IPofadmin4 list=Authorized comment="road warrior IP through WireGuard connection - laptop"
add address=IPofadmin5 list=Authorized comment="road warrior IP through WireGuard connection - iPad/iPhone"
etc.....


Note: Assumes addresses behind router are set as fixed static leases.

++++++++++++++++++++++++++++++++++++++++

Thus one does not really have to care or bother about what or who is attempting to ping the router.
All traffic is dropped by both the input and forward chains. The only allowed traffic is what you have stated (user allow rules).
 
g21
newbie
Topic Author
Posts: 25
Joined: Thu Apr 01, 2021 2:25 pm

Re: firewall help

Thu Jan 19, 2023 10:32 pm

The problem is that my customer wants to see all the dropped IPs, and that is why I want to add them to an address list...

I have also done that with a script for IPsec spam... but I need something similar for dropped IPs.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10223
Joined: Mon Jun 08, 2015 12:09 pm

Re: firewall help

Thu Jan 19, 2023 10:34 pm

You can put the dropped IP in an address list (see the help page I gave you before), but I think the next thing you will do is drop all packets from the IP in the address list before even doing anything else (e.g. in raw) and THAT WILL BITE YOU BIG TIME!
So it is better not to do such things.
 
anav
Forum Guru
Forum Guru
Posts: 19325
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: firewall help

Thu Jan 19, 2023 11:31 pm

Tell the customer it's $5 per line item. After 10,000 hits................ :-)

Just tell him that extra logging slows down the router for no benefit and ask what the customer intends on doing with many random IP addresses. Makes NO F sense.
 
g21
newbie
Topic Author
Posts: 25
Joined: Thu Apr 01, 2021 2:25 pm

Re: firewall help

Fri Jan 20, 2023 3:00 pm

I think if in the drop rule I set log=yes, then is there any way a script can put this IP in an address list, like I did with IPsec attacks?
 
anav
Forum Guru
Forum Guru
Posts: 19325
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: firewall help

Fri Jan 20, 2023 3:20 pm

Yes you could try that.............

add action=accept chain=input src-address-list=Authorized
add action=accept chain=input dst-port=53 protocol=tcp in-interface-list=LAN
add action=accept chain=input dst-port=53,123 protocol=udp in-interface-list=LAN
(NTP is UDP 123; drop port 123 if NTP is not a service provided)
add chain=input action=add-src-to-address-list address-list=WasteOfTime in-interface-list=WAN
add chain=input action=drop comment="drop all else"
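The add-src-to-address-list rule above does the list part on the router without any script. If the customer also wants the dropped sources as a report, the usual route is log=yes on the drop rule, remote syslog, and a parser. As an added example (not code from this thread or from MikroTik), here is a Python script that parses constructed lines in RouterOS firewall log format (log-prefix "drop-in" is assumed), counts packets per external source, and renders the matching timed address-list commands:

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in the shape RouterOS writes when a filter rule has
# log=yes log-prefix="drop-in" (remote-syslog header already stripped). Not real traffic.
SAMPLE_LOG = """\
firewall,info drop-in input: in:ether1 out:(unknown 0), proto TCP (SYN), 203.0.113.5:51234->192.0.2.1:22, len 60
firewall,info drop-in input: in:ether1 out:(unknown 0), proto TCP (SYN), 203.0.113.5:51235->192.0.2.1:8291, len 60
firewall,info drop-in input: in:ether1 out:(unknown 0), proto UDP, 198.51.100.9:40000->192.0.2.1:161, len 78
firewall,info drop-in input: in:ether1 out:(unknown 0), proto ICMP (type 8, code 0), 203.0.113.77->192.0.2.1, len 84
firewall,info drop-in input: in:bridge out:(unknown 0), proto TCP (SYN), 192.168.88.10:5555->192.168.88.1:23, len 60
"""

# One regex covers TCP/UDP lines (with ports) and ICMP lines (no ports).
LINE_RE = re.compile(
    r"(?P<prefix>\S+) (?P<chain>\w+): in:(?P<iface>\S+) out:\S+.*?"
    r"proto (?P<proto>\w+).*?, (?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
    r"->(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?, len \d+"
)

# Skip RFC1918/loopback sources explicitly: a LAN host hitting the drop rule is a
# misconfiguration to investigate, not something to park in a blocklist.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_drops(text, prefix="drop-in"):
    """Count dropped packets per external source IP for lines carrying the given log-prefix."""
    hits = Counter()
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("prefix") != prefix:
            continue
        src = ip_address(m.group("src"))
        if any(src in net for net in LOCAL_NETS):
            continue
        hits[str(src)] += 1
    return hits

def address_list_commands(hits, list_name="dropped-src", timeout="1d", min_hits=1):
    """Render the RouterOS commands that add each source as a timed (dynamic) address-list entry."""
    cmds = []
    for ip, n in sorted(hits.items(), key=lambda kv: (-kv[1], kv[0])):
        if n >= min_hits:
            cmds.append(f'/ip firewall address-list add list={list_name} address={ip} '
                        f'timeout={timeout} comment="{n} drops seen"')
    return cmds

if __name__ == "__main__":
    print("\n".join(address_list_commands(parse_drops(SAMPLE_LOG))))
```

The timeout= keeps the entries dynamic so the list stays bounded, and the sorted counts are the customer-facing view. As pe1chl notes, such a list is for visibility; feeding it into a raw-chain drop turns every spoofed or mistaken hit into a self-inflicted block.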
 
pe1chl
Forum Guru
Forum Guru
Posts: 10223
Joined: Mon Jun 08, 2015 12:09 pm

Re: firewall help

Fri Jan 20, 2023 3:50 pm

I think if in the drop rule I set log=yes, then is there any way a script can put this IP in an address list, like I did with IPsec attacks?
Did you already read the help page I referred you to? It tells you how to do it.
When you cannot read that, question your ability to service your customer. Get a MikroTik admin course.
Doing cut-and-paste admin of firewalls without understanding the matter is not going to do you any good.
 
g21
newbie
Topic Author
Posts: 25
Joined: Thu Apr 01, 2021 2:25 pm

Re: firewall help

Fri Jan 20, 2023 5:32 pm

My problem is only that I can't find any way to send the IP from the log to a dynamic address list....
 
pe1chl
Forum Guru
Forum Guru
Posts: 10223
Joined: Mon Jun 08, 2015 12:09 pm

Re: firewall help

Fri Jan 20, 2023 7:02 pm

It is better that you do not touch these things. I told you where to find it, Anav showed you an example, and still you can't.
Find someone who can!
 
g21
newbie
Topic Author
Posts: 25
Joined: Thu Apr 01, 2021 2:25 pm

Re: firewall help

Fri Jan 20, 2023 7:13 pm

I did it with the firewall rules that were attached, thanks....
