Well, the above doesn't work.
So try this...
write a script that will send an email for every line iit reads from standard input (you can use the mail command).
Then pipe the output of /var/log/secure to the script this way:
tail -f /var/log/secure | grep sshd | grep root > scriptname
Jeff