First you need to decide what to record. Attempting to log in every user action seems unfeasible. Keeping track of his movements can be useful for analyzing the use of the interface and how the experience is. But it should be used at a specific time and if you have someone who will know how to analyze the data.
Log usage, which is called audit in the question, should record only what actually generates effect on the system.
Even because wrong actions of the user should not generate errors in the application. If this occurs, the error is from the programmer and needs to be resolved.
If logs what is written to the database, the best place to store the log is the database. I see no problem in doing this. Unless the application has architectural issues, but there's another problem. If you think you have a problem, show this.
You have several advantages in using the database. It has some advantages in using a text file on the server side.
Do not forget that storing the data on the client side, even in plain text, leaves the system vulnerable. If the user does something stupid, he will try to delete it.
The client side should be responsible for the user interface and nothing else. Business rules should be guaranteed or generate specific criticism in case it is flexible. But this should be done either in the database, or in the application, but on the server, not in the interface.
If you have the right architecture, the log process becomes almost transparent. It can even be 100% transparent with the right tools, although it can reduce the quality of the information in some cases.
As you evolve post specific questions.
Ah, audit is the logs analysis process.