seclog
Platform: Shell
Published Aug 04, 2012
Updated Aug 05, 2012
This script (seclog) actively monitors the log files you specify.
To add more files, or change the current ones, edit the paths after tail -f.
As you can see, you can specify more than one file to monitor concurrently.
Change the search terms in the first grep to match your preference.
The first command runs in the background and passes every matching line it receives to an output file (which you can change if you'd like). The second command follows that output file and displays the results on-screen, while EXCLUDING any line that matches the terms in the 2nd grep.
127.0.0.1 is localhost, and 24.226 is my ISP's DNS.
Change these to your liking.
Paste this into a file and chmod +x seclog
then ./seclog
Thanks!
-Ziddy
#!/bin/bash
#
# Name: seclog
# Author: Ziddy (Jeff)
# Version: v1.0.4
# Purpose: monitors multiple logfiles actively for specific data
#
# Created: Aug 1st, 2012
# Last Rev: Aug 3rd, 2012
###############################################################################

# Where matching lines are collected; change to taste.
OUTPUT=/home/ziddy/output

# Follow the logs by name (-F keeps following after logrotate, where -f would
# stay on the rotated file) and keep only the interesting events.
# --line-buffered stops grep from holding matches back in a block buffer.
tail -F /var/log/auth.log /var/log/messages \
  | grep --line-buffered -E -o 'Failed password for .+|Accepted password for .+|scan .+' > "$OUTPUT" &
collector=$!

# Stop the background collector when this script exits (Ctrl-C included).
trap 'kill "$collector" 2>/dev/null' EXIT

# Show the collected events on screen, dropping the hosts you don't care about.
# Dots are escaped and the address must start a number, so "24.226" no longer
# also hides a host such as 10.24.226.7.
tail -F "$OUTPUT" | grep -E -v '(^|[^0-9.])(127\.0\.0\.1|24\.226\.)'
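To see what the two greps actually pass and drop, here is an added example that is not part of the original seclog script. It runs the same match/exclude pipeline over a few constructed log lines (the hosts, users and timestamps are made up) instead of live logs, and compares the original exclusion pattern with one that escapes the dots and anchors the address. The function and variable names (SAMPLE_LOG, match_events, exclude_loose, exclude_strict, count_loose, count_strict, attacker_visible) are mine.

```shell
#!/bin/bash
# Added example, not the original seclog script: feeds constructed log lines
# through seclog's match/exclude stages so the effect of each grep is visible.

# Constructed sample lines (not real logs); hosts and users are made up.
# 10.24.226.7 is the "attacker" whose address merely contains 24.226.
SAMPLE_LOG='Aug  4 10:00:01 host sshd[1234]: Failed password for root from 203.0.113.9 port 51234 ssh2
Aug  4 10:00:02 host sshd[1235]: Accepted password for ziddy from 127.0.0.1 port 40001 ssh2
Aug  4 10:00:03 host sshd[1236]: Failed password for invalid user admin from 10.24.226.7 port 5555 ssh2
Aug  4 10:00:04 host kernel: portscan detected from 198.51.100.4
Aug  4 10:00:05 host cron[99]: (root) CMD (run-parts /etc/cron.hourly)
Aug  4 10:00:06 host sshd[1237]: Accepted password for ziddy from 24.226.1.1 port 40002 ssh2'

# Stage 1: the same expression seclog feeds from tail -f (.+ is .{1,}).
# --line-buffered is left out here because the input is a fixed string.
match_events() {
  grep -E -o 'Failed password for .+|Accepted password for .+|scan .+'
}

# Stage 2a: the original exclusion. Unescaped dots match any character and
# nothing anchors the address, so "24.226" also matches inside 10.24.226.7
# and the attacker's failed logins disappear from the screen.
exclude_loose() {
  grep -E -v '127.0.0.1|24.226'
}

# Stage 2b: hardened exclusion. Dots are escaped and the address may only
# be preceded by start-of-line or a non-address character, so 24.226.x.x is
# dropped but 10.24.226.7 is kept.
exclude_strict() {
  grep -E -v '(^|[^0-9.])(127\.0\.0\.1|24\.226\.)'
}

# Number of lines that reach the screen with each exclusion.
count_loose()  { printf '%s\n' "$SAMPLE_LOG" | match_events | exclude_loose  | wc -l | tr -d ' '; }
count_strict() { printf '%s\n' "$SAMPLE_LOG" | match_events | exclude_strict | wc -l | tr -d ' '; }

# Does the attacker at 10.24.226.7 survive the given exclusion function?
attacker_visible() {
  printf '%s\n' "$SAMPLE_LOG" | match_events | "$1" | grep -q '10\.24\.226\.7'
}

echo "== original exclusion (127.0.0.1|24.226) =="
printf '%s\n' "$SAMPLE_LOG" | match_events | exclude_loose
echo "== anchored, escaped exclusion =="
printf '%s\n' "$SAMPLE_LOG" | match_events | exclude_strict
```

Five of the six sample lines pass the first grep (the cron line does not). The original exclusion then shows only two of them, because "24.226" also swallows the failed-login line from 10.24.226.7; the anchored pattern shows three, keeping that line while still hiding localhost and 24.226.1.1. The lesson for any exclusion list like this: a substring match on part of an address can hide an attacker whose address happens to contain it, so escape the dots and anchor the pattern to the start of the address.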