Forward logs in CEF format to another host

Hello,

I am currently receiving the logs from fortinet through the integration “Fortinet FortiGate Firewall Logs” which works without problem.

If I log into logstash and run a tcpdump I can see the logs being received.

I am trying to create a .conf file to forward a copy of those logs to another SIEM which requires me to be in CEF format, could you help me to build the .conf?

Is this example correct?

input {
tcp {
port => 1111
}
}

filter {}

output
tcp {
host => "192.168.1.2"
port => 2222
codec => cef {}

}

}