Ingest events from ArcSight Logger to Elasticsearch using Forwarder

Hey Victor,

The Logger forwarder should forward CEF events in order to work with the Logstash module. Therefore, on your Logger Forwarder, configure your Filter to only forward CEF events (i.e. deviceVendor IS NOT NULL or cefVersion IS NOT NULL).

If you'd like to test it, you can theoretically set up a Logstash TCP listener and see if the events forwarded from your Logger are indeed CEF or otherwise.

My guess is you have a few receivers in your logger which might co-mingle some CEF messages with RAW syslog messages but do test the above out.

Hope that helps, ~Nic
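For the test Nic suggests, a plain TCP listener that tells CEF from raw syslog is enough; this added example (not part of the thread or of any ArcSight or Elastic product) does that in Python. The sample events are constructed, the listener port 5140 is an assumed value, and the `parse_cef` header parser follows the CEF header layout (`CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension`) with `\|` escaping inside header fields.

```python
import re
import socketserver
from collections import Counter
from typing import Optional

# A CEF event may carry a syslog prefix ("<13>Jun 12 ... host ") before "CEF:".
# Pipes inside the seven header fields are escaped as "\|", so we only split
# on unescaped pipes, and stop after seven splits so the extension keeps its own pipes.
CEF_MARKER = re.compile(r"CEF:\d+\|")
UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
HEADER_FIELDS = ["cefVersion", "deviceVendor", "deviceProduct", "deviceVersion",
                 "signatureId", "name", "severity", "extension"]

# Constructed sample lines: two CEF events (one with an escaped pipe in the
# vendor field) and one raw syslog line that a mixed receiver might forward.
SAMPLE_EVENTS = [
    "<13>Jun 12 10:00:01 logger CEF:0|ArcSight|Logger|7.2|100|Login attempt|3|"
    "src=10.0.0.5 dst=10.0.0.9 spt=51234 dpt=22",
    "<34>Jun 12 10:00:02 host sshd[1234]: Failed password for invalid user admin "
    "from 10.0.0.5 port 51234 ssh2",
    "CEF:0|Vendor\\|Inc|Product|1.0|42|Pipe in vendor|5|msg=escaped header field",
]


def parse_cef(line: str) -> Optional[dict]:
    """Return the CEF header fields as a dict, or None if the line is not CEF."""
    m = CEF_MARKER.search(line)
    if m is None:
        return None
    body = line[m.start():]                      # drop any syslog prefix
    parts = UNESCAPED_PIPE.split(body, maxsplit=7)
    if len(parts) != len(HEADER_FIELDS):         # truncated or malformed header
        return None
    header = dict(zip(HEADER_FIELDS, parts))
    header["cefVersion"] = header["cefVersion"].split(":", 1)[1]
    for key in HEADER_FIELDS[1:7]:               # unescape \| and \\ in header fields
        header[key] = header[key].replace("\\|", "|").replace("\\\\", "\\")
    return header


def classify_event(line: str) -> str:
    """'cef' if the line parses as a CEF event, otherwise 'raw'."""
    return "cef" if parse_cef(line) is not None else "raw"


def summarize(events) -> dict:
    """Count how many forwarded lines are CEF versus raw; a non-zero 'raw'
    count means the forwarder filter is letting non-CEF events through."""
    return dict(Counter(classify_event(e) for e in events))


class CefCheckHandler(socketserver.StreamRequestHandler):
    """Reads newline-delimited events from the Logger Forwarder and reports
    the first non-CEF line seen on the connection."""

    def handle(self):
        counts = Counter()
        for raw in self.rfile:
            line = raw.decode("utf-8", errors="replace").rstrip("\r\n")
            if not line:
                continue
            kind = classify_event(line)
            counts[kind] += 1
            if kind == "raw" and counts["raw"] == 1:
                print(f"non-CEF event from {self.client_address[0]}: {line[:120]}")
        print(f"connection from {self.client_address[0]} closed: {dict(counts)}")


def serve(host: str = "0.0.0.0", port: int = 5140) -> None:
    """Stand-in for the Logstash TCP input: point the Forwarder at this port."""
    with socketserver.ThreadingTCPServer((host, port), CefCheckHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))   # offline check on the constructed samples
    serve()                           # then listen for the real forwarder
```

Run it on the host that will later run Logstash, point the Forwarder's TCP destination at port 5140, and watch for any "non-CEF event" lines; if they appear, the Filter on the Forwarder (deviceVendor IS NOT NULL or cefVersion IS NOT NULL) is not yet excluding the raw syslog receivers.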