The answer I hate most, actually applies here: "it depends". Specifically, it depends on several things:
- Who is the logging information for? Is it intended for business users (i.e., are there actual business requirements), is the information oriented at application management, do you need insight in frequently used features, etc.
- What is the granularity of the logged info? For instance: do you only need to know if the search function was used, do you want to know the search query or do you also need info on the actual search results?
- How accurate & complete does the info have to be? Audit trail requirements are usually very tight, technical ones often less so.
- Do you want to be able to roll back the actions/activities? And if so, who is going to do that (business user, support personnel)
- What does your deployment look like? If you have a single server, logging to text files or XML is more feasible than if you have a farm/load balanced environment.
For application logging, look at well-known providers such as log4net or the Enterprise Library logging application block; both allow you to configure where you want to log to (text file, database, etc).
For logging database actions, I suggest a solution in the database. Several versions of SQL Server 2008 have built-in support for auditing, Oracle has had this for years IIANM.