That's actually different from what you've seen being requested (exporting the IP blacklist with the intention of sharing it among different sites).
First of all, sharing the security exceptions log data to demonstrate to your client that their site is protected defeats the purpose. When the firewall is configured to work efficiently you'll see that the number of security exceptions drops. The reason is that the repeat offenders will be temporarily IP blocked, stopping repeated attacks in their tracks without registering new security exceptions. Moreover, incorrigible repeat offenders can be set up to be permanently IP blocked, so you'll never see them in the security exceptions log again. If, despite your configuration, you see the same IPs coming back, you may want to consider a "wider net" approach in the automatic IP banning. If you see different IPs attacking your site by the thousands every month, you may want to consider using a low-level, network firewall such as CloudFlare in front of the public frontend of your site.
That said, an easy thing to share with your clients is the Exceptions Graph you can find on the main page of Admin Tools. It always displays 30 days and you can choose the start date. You can screenshot this and/or tell your client how to produce it themselves.
A very crucial note: less is better. On our site we get fewer than 30 security exceptions per day. Typically we get fewer than 10. That's because we employ layered security. Admin Tools is not the only or first line of defense. There are several firewalls a request has to go through before it gets to be handled by PHP. That's what good security is all about: layering. Think of it this way. When you send soldiers into combat you have several layers of security. The soldier wears body armor (web application firewall) and sits inside an armored transport (web server application firewall) with an explosive counter-rocket layer (operating system firewall), supported by air forces deployed in a way that will hinder and weaken the enemy before they reach our forces (network level firewall / anti-DDoS protection). Quite clearly, the number of bullets (potential attacks) hitting the soldier's body armor is NOT a good sign for your security regimen. If anything, you'd like to have exactly zero of them. After all, one of them may end up hitting our soldier in the neck (0-day vulnerability not protected by the firewall) and kill him (exploit). I hope that analogy helps you understand what I am saying better.
In any case, what you want can already be done for the most part. Go to Components, Admin Tools, Web Application Firewall, Security Exceptions Log. Use the filters at the top of the page to filter by date. Then you can set the number of results per page to All using the pagination controls at the top right of the list. When the page reloads (it will take a while!) you can simply use your browser to print the page. You can "print" to a PDF on all three major operating systems I'm using (Windows 10, macOS Sierra and Ubuntu Linux) right out of the box. But, as I said, I wouldn't consider this a metric of success - unless the number of security exceptions went from high to low over time and stayed that way thanks to your vigilance.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
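
An added illustration of the point made in the reply above (not Admin Tools code and not part of the original post): a toy replay of constructed attack attempts through a threshold-based auto-ban policy, showing why the exceptions log shrinks once repeat offenders are temporarily and then permanently blocked. The function, its parameter names and default values, and the sample IPs are all assumptions made for this example.

```python
from collections import defaultdict, deque

def simulate(events, threshold=3, window=60, ban_secs=600, perm_after=2):
    """Replay (timestamp, ip) attack attempts through a toy auto-ban policy.

    Returns (logged, blocked, permanent): exceptions written to the log,
    attempts dropped while the IP was banned, and permanently banned IPs.
    All parameters are hypothetical, not Admin Tools settings.
    """
    recent = defaultdict(deque)      # ip -> timestamps of recent logged exceptions
    banned_until = {}                # ip -> end of the current temporary ban
    temp_bans = defaultdict(int)     # ip -> number of temporary bans so far
    permanent = set()
    logged = blocked = 0
    for ts, ip in sorted(events):
        if ip in permanent or banned_until.get(ip, 0) > ts:
            blocked += 1             # rejected before it can register an exception
            continue
        logged += 1
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()              # forget exceptions older than the window
        if len(q) >= threshold:      # repeat offender within the window
            q.clear()
            temp_bans[ip] += 1
            if temp_bans[ip] >= perm_after:
                permanent.add(ip)    # incorrigible: never logged again
            else:
                banned_until[ip] = ts + ban_secs
    return logged, blocked, permanent

# Constructed sample: one persistent IP probing every 10 s for an hour,
# plus a one-off client that trips the firewall a single time.
EVENTS = [(t, "198.51.100.7") for t in range(0, 3600, 10)] + [(42, "203.0.113.9")]

def no_autoban(events):
    # A threshold that is never reached stands in for auto-ban being disabled.
    return simulate(events, threshold=10**9)

if __name__ == "__main__":
    print("auto-ban off (logged, blocked):", no_autoban(EVENTS)[:2])
    print("auto-ban on  (logged, blocked):", simulate(EVENTS)[:2])
```

With the same traffic, the log holds 361 entries when auto-ban is off and 7 when it is on, which is why a low exception count reflects a working configuration rather than an absence of attacks.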