The solution to your problem is very old, but doesn't involve iptables. It's called the inetd super-server. Its configuration - /etc/inetd.conf - lets you define the port and protocol to listen for - the "service", defined in /etc/services - and the program to execute in case of a connection - which could be your logging script.
The service would be
microsoft-ds 445/tcp # Microsoft Naked CIFS