On nfs3 we've had rpc.mountd which logged nice messages to syslog like
authenticated mount request from 192.168.1.11:839 for /mnt/music (/mnt/music)
nfs4 is quiet silent by default. I wish I could log authenticated and more important unauthenticated mount requests (including client IPs)
I've played around with rpcdebug, trying all kind of modules and flags but usually it logged too much and client IPs were not shown.
NFSv4 does not have an explicit MOUNT operation. You can just watch traffic for SETCLIENT_ID operation for NFSv4.0 and EXCHANGE_ID for v4.1 and higher. Well, there are no official way to do it. But.... There is sqlite db in /var/lib/nfsnfsdcltrack/main.sqlite with a table clients, where you can find your clients:
$ sudo sqlite3 /var/lib/nfs/nfsdcltrack/main.sqlite "select * from clients"
Linux NFSv4.1 xxxxxxx|1486574417|1
$
where xxxxx is the client name/ip
BEAWARE that modifying the content of the database will end-up with non functional nfs server.
