Try to figure out what exactly has been done on the site. If there are no visible content changes, it is possible that your site is used as a proxy server for black-hat SEO. Check the web server access logs to see if there are any URLs that shouldn't be there. Checking Google Search console might also give you some insight in this.
The usual way to do Drupal 7 logging is to save all the log entries to the database. This has it's benefits and it's problems: On one hand it works fine on every Drupal site without requiring any additional software or access to the server. On the other hand, it causes a few extra database queries (which in itself isn't that horrible, but when there are already plenty, you usually want to do everything in your power to minimize the amount...). And of course, for the logs to be useful they should be monitored and acted upon.
