There is already an internal log of some things, I'd like the ability to specify an external log file and/or log to syslog as well. The types of activities logged could be expanded as well.
Ultimately I'd like to setup fail2ban to monitor these logs and block access to the whole server based on them. So any log format that we can use a regex to tell what's going on (failed login, etc.) and the ip address it happened from would work, though a little thought in making it consistent would be good. Also would need a timestamp in an external log file (syslog would handle that itself).
As related examples, I'd like to log failed and successful logins, like the wp-fail2ban plugin does: http://wordpress.org/plugins/wp-fail2ban/
And it would be simple and very handy to add logging of spam comments under Spam Prevention, just like http://blog.shadypixel.com/spam-log-plugin/
You could even add logging of non-spam comments and posts, so a high threshold could be set and catch some misconfigurations. Say an ip address makes 100 comments an hour or whatever.
I'd be glad to work on fail2ban configuration examples you could include in your documentation. One other thing to mention in the docs is log file rotation if using an external log file (syslog probably has it covered).
Thanks for the plugin and considering all the feature requests!