
  • Can auditd be used to check the contents of a file?


    I've read the man pages, checked the discussion boards and the knowledge base, and my hunch is the
    answer to this is probably "no". If that's the case, alternate suggestions would be helpful.

    The problem:

    I am evaluating a log analyzer product that looks for events on Linux hosts, switches, etc.
    When talking to a Linux host, the product will use 'connectors' to examine the log files
    created by auditd. Since the data in the auditd logs is tagged, this makes a lot of sense.

    My problem is that for this particular case, I'm NOT looking to see when /var/log/messages
    has been updated, but what was written IN /var/log/messages.

    Specifically I'm looking for text strings such as "kernel: CIFS VFS: server not responding". I want
    that text tagged and written to the auditd log file so the log analyzer connector can pick it up.

    As far as I can tell, auditd looks for things like attempts to access the file, how the file was
    accessed, who accessed the file, and whether it was successful, but there is no way to get it
    to look at what was written.

    I would like to stick with system tools so that I don't have to re-invent the wheel, but right
    now I'm thinking the sanest solution would be to write my own program to parse /var/log/messages
    and write my own 'auditd-like' output file and have the connector use that instead.

    Ideas?

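    The fallback the asker describes (parse /var/log/messages and emit an auditd-like, tagged record for the connector) as an added example; this is not code from the post, from Red Hat, or from auditd, which records syscalls against a file rather than its content. The record layout, the type name SYSLOG_MATCH and the sample syslog lines are all constructed for illustration.

```python
import re
import time

# The text the post wants caught, constructed from the asker's example string.
PATTERN = re.compile(r"kernel: CIFS VFS: server not responding")

# Constructed sample lines in traditional syslog layout (not real host data).
SAMPLE_LINES = [
    "Mar  3 10:15:01 host1 systemd[1]: Started Session 42 of user root.",
    "Mar  3 10:15:07 host1 kernel: CIFS VFS: server not responding",
    "Mar  3 10:15:08 host1 sshd[2211]: Accepted publickey for admin from 10.0.0.5",
]


def syslog_fields(line):
    """Split a traditional syslog line into (timestamp, host, message), or None."""
    m = re.match(r"(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$", line)
    if not m:
        return None
    return m.group(1), m.group(2), m.group(3)


def audit_record(line, serial, now=None):
    """Return an auditd-style key=value record for a matching line, else None.

    'SYSLOG_MATCH' is an invented type name, not one auditd defines; the
    msg=audit(time:serial) prefix mimics the shape connectors already parse.
    """
    if not PATTERN.search(line):
        return None
    parsed = syslog_fields(line)
    if parsed is None:
        return None
    ts, host, msg = parsed
    now = time.time() if now is None else now
    msg = msg.replace('"', "'")  # keep the quoted value parseable
    return (f"type=SYSLOG_MATCH msg=audit({now:.3f}:{serial}): "
            f'node={host} key="cifs_server_down" msg="{msg}" orig_ts="{ts}"')


def scan(lines, start_serial=1, now=None):
    """Scan an iterable of syslog lines; return the list of emitted records."""
    records, serial = [], start_serial
    for line in lines:
        rec = audit_record(line.rstrip("\n"), serial, now)
        if rec:
            records.append(rec)
            serial += 1
    return records


if __name__ == "__main__":
    # In real use pass an open file handle on /var/log/messages instead.
    for rec in scan(SAMPLE_LINES):
        print(rec)
```

For a live feed, seek to the end of /var/log/messages and hand each newly appended line to audit_record, writing the result to the file the connector is pointed at; rotation of the source log still has to be handled by reopening it.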
