/etc/periodic/security/800.loginfail /etc/periodic/security/900.tcpwrap
Perhaps it's just me missing the bleeding obvious, but these two scripts appear to be wired backwards, and therefore don't produce output. Also, the egrep regex in 800.loginfail doesn't work for me either. A quick edit & test... and all appears to work as intended.
--- 800.loginfail-old 2019-10-19 19:05:16.208356000 +0000
+++ 800.loginfail 2020-06-18 18:24:45.772960000 +0000
@@ -46,7 +46,7 @@
 yesterday=`date -v-1d "+%b %e "`
 catmsgs() {
- find ${LOG} -name 'auth.log.*' -mtime -2 |
+ find ${LOG} -name 'messages.*' -mtime -2 |
 sort -t. -r -n -k 2,2 |
 while read f
 do
@@ -55,7 +55,7 @@
 *.bz2) bzcat -f $f;;
 esac
 done
- [ -f ${LOG}/auth.log ] && cat $LOG/auth.log
+ [ -f ${LOG}/messages ] && cat $LOG/messages
 }
 rc=0
@@ -64,7 +64,7 @@
 then
 echo ""
 echo "${host} login failures:"
- n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" |
+ n=$(catmsgs | egrep -ia "^$yesterday.*: .*\<(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\>" |
 tee /dev/stderr | wc -l)
 [ $n -gt 0 ] && rc=1 || rc=0
 fi
--- 900.tcpwrap-old 2019-10-19 19:05:16.224470000 +0000
+++ 900.tcpwrap 2020-06-18 18:24:07.948855000 +0000
@@ -46,7 +46,7 @@
 yesterday=`date -v-1d "+%b %e "`
 catmsgs() {
- find ${LOG} -name 'messages.*' -mtime -2 |
+ find ${LOG} -name 'auth.log.*' -mtime -2 |
 sort -t. -r -n -k 2,2 |
 while read f
 do
@@ -55,7 +55,7 @@
 *.bz2) bzcat -f $f;;
 esac
 done
- [ -f ${LOG}/messages ] && cat $LOG/messages
+ [ -f ${LOG}/auth.log ] && cat $LOG/auth.log
 }
 rc=0
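Review bot: In 800.loginfail's `catmsgs()` (hunk `@@ -46,7`, with the matching `cat` line in `@@ -55,7`), hard-coding `messages` in place of `auth.log` ties the login-failure report to how this host's syslog.conf routes the auth and authpriv facilities. On a host that sends them to auth.log, which I believe is the stock layout, failed login attempts would no longer be scanned and the nightly report would stay silently empty. The two 900.tcpwrap hunks make the mirror-image swap and carry the same assumption. Before applying, compare both file names against the local syslog.conf, and record the assumption above the `find` line, for example `# Reads ${LOG}/messages: assumes syslog.conf routes login failures there, not to auth.log`. The body of `catmsgs()` is split across the two hunks, so the decompression `case` in between is only partly visible.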
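Review bot: The `\<` and `\>` anchors introduced in the `egrep` pattern of 800.loginfail (hunk `@@ -64,7`) are, like the `\b` they replace, a regex extension rather than POSIX ERE, so whether the line matches still depends on which grep is installed. A pattern that silently matches nothing means failed logins go unreported with no error, so the choice deserves a comment above the `n=$(` line, for example `# \< \> are word anchors; \b matched nothing with the egrep this was tested on`. It would also help to note one sample log line that is known to match, so a later grep change can be rechecked quickly. The enclosing `if` starts outside the hunk, so the condition guarding this pipeline is not visible here.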