If your log levels are set to 'INFO', authentication attempts will be logged to the Security Log. From there, you can parse entries for the information that interests you.
The log entry is formatted as follows:
Once you've parse the content, it would be trivial to log this data to a
Streamand perform various calculations (e.g. # of logins by user, # of total logins, etc.).