#!/bin/bash
reg_snoopy="(.+?) (.+?) (.+?) (.+?) snoopy.+?login:([a-z]+)\s.+?cwd.+?\]: (.*)"
tail -fn0 /var/log/auth.log | \
while read line ; do
   if [[ $line =~ $reg_snoopy ]] ; then
	   echo "Date: ${BASH_REMATCH[1]} ${BASH_REMATCH[2]} ${BASH_REMATCH[3]}, utilisateur: ${BASH_REMATCH[5]}, commande: ${BASH_REMATCH[6]}"
   fi
done