I set up a quick test on my machine. As soon as I started to push some Syslog traffic across I saw the same thing:
C:\Users\mynamehere>netstat -ano | find "7116"
TCP 127.0.0.1:2225 0.0.0.0:0 LISTENING 7116
TCP 127.0.0.1:2225 127.0.0.1:55878 ESTABLISHED 7116
UDP 0.0.0.0:65066 *:* 7116
Essentially, I think what Kiwi Secure Tunnel Server is doing is establishing an facility from which it can send outbound UDP-based messages, much like DNS. It looks like it establishes one of these for every UDP Outgoing Port you configure, and they are established at start-up.
From a firewall perspective, as long as you allow UDP packets from the Secure Tunnel Server to your final syslog server, you should be fine. (There's no reason to allow UDP packets to hit the Secure Tunnel Server.)