Monday, April 29, 2024
Asked Thursday, July 7, 2022, 5:24:09

I've been using Linux for quite a while now and I always feel the need to have a passive software / script setup which can alert me of any suspicious network activities like scans, failed login attempts, etc. on the fly via email or by visual/audio notifications.



I know how to look up through logs and stuff but for the most part it is a manual, time consuming process. I'm looking for something that is semi/fully automated with some good log parsing capabilities.



I'm aware of IDS systems for monitoring networks like Snort, etc., but they are overkill for the average home user and a painful process to get up and running.



What is a good option for me as a home user?



A simple and effective general solution is to use logcheck.



sudo apt-get install logcheck
[edit /etc/logcheck/logcheck.conf to your liking]


logcheck periodically scans all the logs efficiently (starting where it left off last time), filters what it sees to eliminate anything considered normal, and optionally emails alerts with anything that doesn't match the normal/routine patterns.



The main idea is to watch out for the appearance of any serious entries in your log files, all of them, all the time, so you don't have to.



logcheck is highly configurable (man logcheck). You may configure everything, including:




  • frequency of checks

  • which log files are checked

  • what is considered normal vs not

  • where to email the alerts (abnormal events) to



and more. Your ignore (normal/routine) patterns reside in multiple files under /etc/logcheck/ignore.d.* and you may customize them to your needs; mainly you may want to add your own patterns to ignore. The default Ubuntu package comes with an extensive set of files with ignore patterns for many services already, so there's not much to add unless your system is unusual in what it runs. There are 3 sets of pre-configured ignore file profiles: ignore.d.workstation, ignore.d.server, and ignore.d.paranoid which you can pick from.



The main idea behind logcheck is that the various services running on a system already log abnormal events. E.g. sshd or pam already log authentication failures. So the main missing components are:




  • filtering what's normal

  • the alerting service



Both of which are provided by logcheck in a convenient package. You may combine logcheck with any other logging. For example iptables can be configured to syslog any network connection attempts that are not explicitly allowed by adding the rules:



iptables -A INPUT -j LOG
iptables -A INPUT -j DROP


immediately after all the allow rules.



I find logcheck to be much more helpful than logwatch (suggested in other answers) because it comes pre-packaged with a very large number of rules to ignore what's considered normal activity. The result is a much higher signal/noise ratio in the alerts it emails. YMMV.



Another advantage of logcheck is that it is orthogonal to any service that logs, so there's no duplication of function. Whenever you add a new service which uses syslog to log events, abnormal or not, into any file under /var/log you start getting alerts for it automatically.



HOWTO:




Since logcheck already comes preconfigured, the two lines at the top of this answer essentially cover all you need to get started. Just install it, and go over the top configuration file, /etc/logcheck/logcheck.conf, to change your email address so logcheck emails alerts to you.



Here's a friendly reference going over the second step in more detail. Since Ubuntu is based on Debian, these instructions should work on Ubuntu too. Here is another good reference.



Once you install, the continuous improvement process starts. Over time, you refine your rules to ignore anything that you already know about and feel shouldn't be of concern. This refinement process is as simple as adding text lines to a file in your favorite text editor.



Each line in an ignore file is an extended regular expression (see man 7 regex), but you may use simple strings as long as they match the log line you want to ignore. Just remember that characters like *, ?, +, [], () are special in a regular expression, so if they actually appear in the log lines, you would have to escape them with a backslash in the ignore files.



In other words: if you get an alert you don't want to get, look at the log line that was emailed to you, and add a pattern that matches it, as one line to any ignore file of your choice. I suggest using /etc/logcheck/ignore.d.<yourloglevel>/my-ignores as your personal ignore file, where <yourloglevel> is one of paranoid, server, or workstation (as you've already selected in the main config file: /etc/logcheck/logcheck.conf). Look at the examples in other ignore files to see how to account for text that changes all the time, like process IDs or timestamps. There are lots of existing examples to learn from.




One last tip: logcheck comes with a useful little utility called logcheck-test which is very handy for testing new rules. See man logcheck-test for details.


[#31772] Friday, July 8, 2022
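To make the ignore-file mechanics in the answer above concrete, here is an added example (not from the answer or the logcheck project) that mimics what logcheck does with a file under /etc/logcheck/ignore.d.*: every line is a regex, any log line matched by one is dropped, and whatever survives is what would be emailed. The log lines, the file name my-ignores and the rules are constructed for illustration; Python's re module accepts these rules but, unlike the egrep that logcheck really uses, does not understand POSIX classes such as [[:alnum:]], so the rules spell those out.

```python
import re

# Constructed syslog-style lines in the shape logcheck reads from /var/log (not real captures).
SAMPLE_LOG = [
    "Jul  7 05:24:09 home sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51512 ssh2",
    "Jul  7 05:25:01 home CRON[2210]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jul  7 05:26:14 home systemd[1]: Started Session 42 of user bob.",
    "Jul  7 05:27:30 home kernel: [ 812.55] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=23",
]

# Hypothetical contents of ignore.d.server/my-ignores: one extended regex per line.
# The prefix soaks up the timestamp and hostname, which change on every line.
SYSLOG_PREFIX = r"^\w{3} [ :0-9]{11} [._A-Za-z0-9-]+ "
MY_IGNORES = [
    "# routine session bookkeeping",
    SYSLOG_PREFIX + r"systemd\[[0-9]+\]: Started Session [0-9]+ of user [A-Za-z0-9_-]+\.$",
    # Parentheses and brackets appear literally in the log line, so they are escaped.
    SYSLOG_PREFIX + r"CRON\[[0-9]+\]: \(root\) CMD \(run-parts /etc/cron\.(hourly|daily|weekly|monthly)\)$",
]


def load_ignore_patterns(lines):
    """Compile an ignore file: one regex per line, blank lines and comments skipped."""
    return [re.compile(line) for line in lines if line.strip() and not line.startswith("#")]


def filter_log(log_lines, patterns):
    """Return the lines no ignore rule matches, i.e. what logcheck would put in an alert mail."""
    return [line for line in log_lines if not any(p.search(line) for p in patterns)]


def literal_to_rule(log_line):
    """Turn a copied log line into a safe ignore rule by escaping every regex metacharacter."""
    return "^" + re.escape(log_line) + "$"


def naive_rule_matches(log_line):
    """Show why escaping matters: the bare cron text, read as a regex, turns the parentheses
    into groups and no longer matches the line it was copied from."""
    naive = "(root) CMD (run-parts /etc/cron.hourly)"
    return re.search(naive, log_line) is not None


if __name__ == "__main__":
    # Only the sshd failure and the firewall LOG line should survive the filter.
    for alert in filter_log(SAMPLE_LOG, load_ignore_patterns(MY_IGNORES)):
        print("ALERT:", alert)
```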