diff --git a/package/etc/conf.d/conflib/_common/templates.conf b/package/etc/conf.d/conflib/_common/templates.conf
index 7396617..4c08c89 100644
--- a/package/etc/conf.d/conflib/_common/templates.conf
+++ b/package/etc/conf.d/conflib/_common/templates.conf
@@ -34,14 +34,6 @@ template t_everything {
 template("${ISODATE} ${HOST} ${LEGACY_MSGHDR}${MESSAGE}");
 };
 
-# ===============================================================================================
-# CEF Header with message; useful for common event format (CEF)
-# ===============================================================================================
-
-template t_cef_hdr_msg {
- template("$(strip $MESSAGE )");
- };
-
 # ===============================================================================================
 # Message Header with Message; for Palo Alto
 # ===============================================================================================
diff --git a/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl b/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl
index ae446ee..64c1f29 100644
--- a/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl
+++ b/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl
@@ -44,6 +44,14 @@ parser p_cef_class {
 );
 };
 
+# ===============================================================================================
+# CEF Header with message; useful for common event format (CEF)
+# ===============================================================================================
+
+template t_cef_hdr_msg {
+ template("$(strip $MESSAGE )");
+ };
+
 log {
 junction {
 {{- if or (or (getenv (print "SC4S_LISTEN_CEF_TCP_PORT")) (getenv (print "SC4S_LISTEN_CEF_UDP_PORT"))) (getenv (print "SC4S_LISTEN_CEF_TLS_PORT")) }}
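Review bot: The comment block moved in above `t_cef_hdr_msg` in lp-common_event_format.conf.tmpl still reads "CEF Header with message", but the template body `$(strip $MESSAGE )` emits only the whitespace-stripped message and no timestamp or host field. Presumably the CEF header travels inside `$MESSAGE`; if so I would reword the comment to `# CEF payload only: $MESSAGE with surrounding whitespace stripped; no syslog header fields are emitted`. Because the definition now lives only in this log-path template, any other config that names `t_cef_hdr_msg` (none is visible in this diff) depends on this file being rendered and loaded, so a syntax check of the generated configuration is worth running before release. The `log` block that follows the added lines continues outside the hunk.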