At work we use the super awesome FreeIPA (which is a wrapper for things like Kerberos and LDAP) for single sign on to servers and other stuff, but it doesn't really have a way to track what servers users are logging into without trawling through the logs.
As I like to know what my users are doing (getting my stalk on..) I have written a small bash script that parses the krb5kdc log for user logins and then sends the output to an IRC channel using the super awesome irccat (since we use IRC for internal comms) with pretty colours.
The script currently tails the log and reads it in line by line, the line is then fed into an if statement which checks if it contains the user login bits. If true it then grabs the user and server and echos it to irccat (as well as outputting to console), with a date string.
As krb5kdc logs user authentication as opposed to just logins, use of sudo will be outputed as a user authenticating with the server as well.
The script requires users to have a prefix on their username for ease of parsing.