"samhain is an open source file integrity and host-based intrusion detection system for Linux and Unix. It can run as a daemon process, and and thus can remember file changes - contrary to a tool that runs from cron, if a file is modified you will get only one report, while subsequent checks of that file will ignore the modification as it is already reported (unless the file is modified again). "

Well, I looked through a lot of open source HIDS and this is the first one I found that supports a client/server model. Also, it looks like the server will accept standard syslog packets as well.

Now, if I could only find a tool that would make the data useful...