Did you ever get this sorted?
SW - is this something that can be done in the way described by thefish?
The current RSA Auth Manager connector IS expecting syslog data. I'm assuming previous customers were either using an appliance that syslogs, or syslogged from the app to a syslog server. It's pretty unlikely it'll work against flat files.
We have two other connectors for RSA ACE/SecurID, but they are either via a) syslog, or b) Windows Event log. Have you checked the event log to see if there's AM events there by chance?
Or, perhaps AM supports syslogging audit events natively to a third party source by chance?
Last case is that we'll have to look at these logs separately, because our connectors either have to be configured to monitor for date-based file rotation, or they point at a static file. The AM connector points at a static file, so even if it matches, you'd have to reconfigure it daily which is no good either.