I would like to see a log of unsolicited incoming connections that the firewall ignores.
This lets me define firewall rules to block IPs currently performing attacks or surveys. Also, the port number that bad guys try to connect to says something about what they are after.
One obvious issue is that this can generate an excessive amount of logging. To deal with this, we would need to be able to set a limit. For example, perhaps no more than x logs of this type per hour or per day. Some of us won’t care and we can set the limit low or to zero. Those who do care can set the limit higher.