Beats (filebeat/metricbeat etc.) log to syslog with "logging.to_syslog: false"

Another sample log from syslog
Apr 29 21:39:04 HOST filebeat[11667]: ll:0xbf29d2215e5744af, ext:485438004601902, loc:(*time.Location)(0x2576ec0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x9f346, Device:0xfc00}}}, Flags:0x1} (status=403): {"type":"cluster_block_exception","reason":"blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"}", "input":common.MapStr{"type":"log"}, "ecs":common.MapStr{"version":"1.0.0"}, "agent":common.MapStr{"id":"1de48a7d-4522-42e5-841f-fad32abec946", "version":"7.0.0", "type":"filebeat", "ephemeral_id":"be8c2fe5-0187-4c80-bcbd-c52c48376f41", "hostname":"HOST"}, "log":common.MapStr{"offset":4240367313, "file":common.MapStr{"path":"/var/log/syslog"}}, "tags":string{"Java", "NGINX", "web-tier"}, "event":common.MapStr{"module":"system", "dataset":"system.syslog", "timezone":"-04:00"}, "fileset":common.MapStr{"name":"syslog"}, "service":common.MapStr{"type":"system"}, "fields":common.MapStr{"env":"ENV"}, "host":common.MapStr{"name":"HOST", "id":"368271f369e754282a48113b5acbb98a", "containerized":false, "hostname":"HOST", "architecture":"x86_64", "os":common.MapStr{"version":"16.04.4 LTS (Xenial Xerus)", "family":"debian", "name":"Ubuntu", "kernel":"4.4.0-31-generic", "codename":"xenial", "platform":"ubuntu"}}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc000156b60), Source:"/var/log/syslog", Offset:4240369218, Timestamp:time.Time{wall:0xbf29d2215e5744af, ext:485438004601902, loc:(*time.Location)(0x2576ec0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x9f346, Device:0xfc00}}}, Flags:0x1} (status=403): {"type":"cluster_block_exception","reason":"blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"}