The following command is for an Apache setup with multiple vhosts:
tail -f /var/www/vhosts/*/statistics/logs/access_log | grep 'wp-login'
tail -f outputs the end of the log file and updates any new content to the screen as the file is being updated, thus allowing real-time monitoring.
I use this command when fail2ban tips me off to a brute-force attack in progress. This gives me the domain(s) that are getting hit and allows me to monitor the site more closely.