As far as logging, CIS does selective logging; in spite of what you might choose, they actually do the selection. SPI controlled features can't be blocked or logged at all, for example. D+ has no way to log allowed events. If you want to log everything, CIS won't do it. For a simple exercise, try to log all allowed input or all output as a global rule. Or go to GRC at http://www.grc.com/intro.htm and do a port scan and try to log all the results. You will need to bypass your router to do that one, since NAT will block it otherwise. Check the new version to see if there has been an upgrade; haven't used it in a few months. If they have fixed it and just not told anyone, good on them anyway. I ran experiments to support disgruntled users on how to log things to solve their problems, and admit failure, but that was last year, so you might still be able to do a search under "logging" for some of the threads and possibly add my user ID for some of the specific experiments.
BTW, this might have been a firewall deal breaker if I had not been a mod; I depend on the firewall logs to help with the hard problems, along with things like Wireshark. Don't know anything about the CIS AV logging, but Avast! logging is pretty simple and straightforward and includes a debug mode.