To get the traffic captures, I used the Andrews & Arnold traffic capture feature that can be triggered on their routers. I set it to capture all PPP traffic (not just IP) going to and from my main LAN. You can do this by going to the clueless.aa.net.uk web server. (They're now wanting us to call that web server 'control.aa.net.uk', which provides the control panel UI, but I prefer the traditional not-tooo-sensible name.)
Firewall:
I looked at my firewall-router’s firewall state (the firewall-router is a Firebrick) to see a list of blocking ('drop') session objects it had created, but that doesn't give me any counts of events, I can just see source IP addresses.
I'm not sure that the firewall can do logging of this type, which might constitute a denial-of-service opportunity in itself with the amount of CPU time it would take up at high traffic rates.