So the logout link isn't working. That explains why you can't logout. It sounds like the web server is killing the request. Obviously admin.php exists so the 404 makes no sense.
What if you just visit admin.php?login/logout (no security token). What happens? It should give a security error. But what I am really looking for is if this fixes the 404 error.
The logout link contains the CSRF token which is a fairly long string. If I had to guess I would say your server software might be hardened to impose limits on request locations or parameters. Suhosin in PHP can do this. Are you running suhosin? It could also be an Apache module like mod_security.