Hi Riadh,
There's no need to convert logs to CEF.
The OMS agent by default accepts any syslog format.
There is a CEF process you can also apply if you are receiving logs that support CEF.
In your case, Catalyst logs are just basic syslog format.
So if you already have a syslog server with the OMS agent, and you've configured a Data Collection Rule in Azure to collect syslog, then you're set.
Just make your your DCR has the appropriate facility checked off - eg. if you're sending the logs with Facility 7, then the DCR also needs to be configured to receive Facility 7.
References:
https://learn.microsoft.com/en-us/azure/sentinel/connect-syslog