Specifiy a syslog server on the router

Router(config)#logging a.b.c.d
Enable notification logging on the router
Router(config)#logging trap notifications

Enable logging for successfull and unsuccessfull login attempts

Router(config)#login on-success log
Router(config)#login on-failure log

You can also block login attempts to the device if numbers of failure occures during a specific amount of time (eg, block for 120 sec if 3 failure attempts within the 60 sec)

Router(config)#login block-for 120 attempts 3 within 60

If you like you can change the source address that will be shown on the syslog server

Router(config)#logging source-interface FastEthernet0/0

You can enable a specific amount of delay in seconds between logins to the router

Router(config)#login delay 5

If you would like to send a log of all changes that have been made on the router configuration to the syslog server as well, you need to do these steps:

!## Enter archive configuration mode

Router(config)# archive
!## Enter the configuration change logger mode
Router(config-archive)# log config
!## Enable logging for configuration change
Router(config-archive-log-config)# logging enable
!## Change the loggin queue size (Optional)
Router(config-archive-log-config)# logging size 200
!## Hide passwords from being sent to syslog in clear text (Optional)
Router(config-archive-log-config)# hidekeys
!## Send logs to syslog server
Router(config-archive-log-config)# notify syslog
Router(config-archive-log-config)# end