I'm not a syslog expert but here some thoughts:
If you send your data to LS through syslog you can either use TCP or UDP. With udp you risk loosing log lines. With TCP I don't know what syslog will do in case the connection is lost / blocked / ... Will it continue receiving log lines or write them into a cache or block your application from add more log lines?
Writing logs to file has the advantage of fast and simple local persistent cache. Here is where filebeat comes in: It picks up these files and can then send them to Logstash on its "own" speed. Also in case of a failure filebeat has the at least once guarantee, means it will pick up reading the log files where it last stopped.
It would also be interesting to know how critical it is that each log line is sent. If UDP is enough, I think syslog input would work quite well.
Just some thoughts / inputs, not really an answer yet, but I hope this brings you one step closer to it.