Rsyslog 8.24 and multiple omfwd

I want to forward *.* to remote host via TCP/IP.
Also, I have local0 facility where messages are plain JSON messages and they has to be forwarded to same host, but other port (and uses same certificate for gTLS).

I've made a config:

# provides UDP syslog reception 
$ModLoad imudp 
$UDPServerAddress 127.0.0.1 
$UDPServerRun 514

# provides TCP syslog reception 
$ModLoad imtcp 
$InputTCPServerRun 514

$template logFormat,"[1234] <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [type=syslog] %msg%\n" 
$template logJSON,"{ \"token\": \"1234\", \"env\": \"testfield\" , %msg:2:$:%\n" 
$WorkDirectory /var/spool/rsyslog # where to place spool files 
$ActionQueueFileName fwdRule1 # unique name prefix for spool files 
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) 
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown 
$ActionQueueType LinkedList # run asynchronously 
$ActionResumeRetryCount -1 # infinite retries if host is down 
$DefaultNetstreamDriverCAFile /etc/ssl/certs/AddTrustExternalCARoot.crt

*.* action(type="omfwd" protocol="tcp" target="listener.example.com" port="5001" template="logFormat" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.example.com") 
local0.info action(type="omfwd" protocol="tcp" target="listener.example.com" port="5005" template="logJSON" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.example.com") 
local0.* /var/log/app.log

Unfortunately, rsyslog doesn't even try to make a connection.
There's no evidence in netstat -nt, nor tcpdump

I'm looking for a way of forwarding those logstreams to their destinations without hacking it deeper in ELK stack. Can You help?