Once you have found an iframe file you wish to monitor, perhaps the shell scriptable version of inotify, inotifywait, would be the simplest solution. Use it in your script something like this:
#!/bin/sh
while inotifywait -e modify /var/log/messages; do
if tail -n1 /var/log/messages | grep httpd; then
kdialog --msgbox "Apache needs love!"
fi
done
In general, there are better file monitoring tools, such as auditd which includes prebuilt utilities and is specifically designed for security and auditing.
Also, there is the fanotify that provides user information and can monitor entire volumes efficiently. Check out the excellent sample tool: fatrace.
inotify suffers from several significant problems: it can't reliably monitor newly created folders, and can't identify the source (PID) of file changes. Neither of these is here, but using inotify directly would require some coding.