This is going to be very dependent on your environment. The basics are you are going to need an Input, an Output and a Route.
Input will read wherever your source log is coming from. (antivirus event in your case)
Output will be however you need to send to your monitoring server. (tcp, udp, http, etc)
I suggest giving the following section a read through. The manual has a lot of good information in it to help you configure various setups.