I do support work and have several clients that use BPS - great plugin, does things very well for the most part. However, the logging feature is problematic for two reasons:
1. The log entries are very verbose so they take lots of space.
2. The BPS control panel loads the log file which can be inefficient.
I see that you are trying to keep things clean with the log file too large message, but I've got clients who are not under attack, but just have enough 403s that their log file exceeds the threshold and they start seeing the message within 5 minutes after clearing it. (And for some people, that message causes severe panic and emergency calls to me.)
I guess what I think would be a huge improvement would be:
1. A way to turn logging on and off. Logging is useful when you are looking at what is attacking, but for the most part it is a list of things that were successfully blocked. What is more important to me is a log of things that actually made it through. Being able to turn them on and off gives me the ability to take a look at what is happening if I want, but saving the disk i/o if I think I'm in good shape.
2. Don't load the log file into the control panel - at least initially. Most of the access to the control panel is not to simply view the log file so loading it is a waste of time and resources. There is a button to refresh it already which is good, if someone wants to view their log in the browser - they can press that. And if you don't load it automatically, then you have no need for the alarming log file too big messages.
Again, keep up the great work. Hope those suggestions help.