well, you could always use a TACACS or RADIUS servers for authentication. Typically those applications may have a reporting function.
If not, you could poll for sessions (basically find the OID that presents the results of a "show user") and compare them against an approved list. That might take some manual labor (in creating and maintaining the approved user list) but it'd meet your requirement.
If you're looking to alert when someone attempts to access them, you could implement quiet mode and trigger an alert when this is engaged. There's some pretty good tutorials about implementing quiet mode, like this one: Cisco Quiet Mode | CCIE or Null!
Either way, search for the OID that can give you something to check against and create an alert based on a Custom Poller for that OID.
Or execute the command "login on-failure trap every #" which would send a trap every time someone failed to provide authorized credentials properly "#" times. Then you can use the trap viewer to send an alert any time this trap is received. A similar action can be performed if you have a syslog viewer with alerting functionality.
You've got options, boss. Hope this helps!