You would use pipeline-to-pipeline with a forked-path pattern.
The input would send events to two pipelines, one would just send those events to a syslog output, the other would parse them and route them to elasticsearch.
To parse CEF you can use the codec. You cannot use a codec on a pipeline-to-pipeline connection, but there is an example of how to do it using a TCP output/input pair here. Do not try to do it like this.
If you have problems with parsing the syslog timestamp then this might help.