Forward logs in CEF format to another host

juancamiloll · July 17, 2025, 8:16pm

Hello,

I am currently receiving the logs from fortinet through the integration “Fortinet FortiGate Firewall Logs” which works without problem.

If I log into logstash and run a tcpdump I can see the logs being received.

I am trying to create a .conf file to forward a copy of those logs to another SIEM which requires me to be in CEF format, could you help me to build the .conf?

Is this example correct?

input {
tcp {
port => 1111
}
}

filter {}

output
tcp {
host => "192.168.1.2"
port => 2222
codec => cef {}
}
}

Topic		Replies	Views
Logstash output as CEF data to other server Logstash	4	1935	April 26, 2019
How can I generate a CEF output Logstash	2	1184	May 29, 2023
Beat - logstash - logserver Logstash	5	277	July 30, 2020
Ingest events from ArcSight Logger to Elasticsearch using Forwarder Logstash	19	3433	January 9, 2018
How can I export data in CEF format using logstash Logstash	1	375	October 1, 2018

Forward logs in CEF format to another host

Related topics