That sounds very promising, what I'm looking at doing is using syslog-ng to pull in the logs from our many host devices and filter into something like a failed authentication log and then have the PRTG syslog sensor alert on this log which should from the sounds of it be well within the thresholds you are working towards being able to handle.
Created on Oct 10, 2013 11:04:07 AM by
Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.