I am trying to change from UDP to TCP for syslogging on my 5585-X, version 9.6(4)3.  I am using the management interface, for which I have turned off "management only", and I also turned off management access.  However, the packets go out, but return traffic from the kiwi syslog server is getting discarded.

What am I doing wrong...

show logg
Syslog logging: enabled
    Facility: 18
    Timestamp logging: enabled
    Hide Username logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: level debugging, 28938958 messages logged
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level informational, facility 18, 2246130188 messages logged
        Logging to management 10.1.8.20 tcp/1470 Not connected since Thu, 05 Apr 2018 10:24:49 PDT TX:4881
            TCP SYSLOG_PKT_LOSS:0
            TCP [Channel Idx/Not Putable counts]: [0/0]
            TCP [Channel Idx/Not Putable counts]: [1/0]
            TCP [Channel Idx/Not Putable counts]: [2/0]
            TCP [Channel Idx/Not Putable counts]: [3/0]

    Global TCP syslog stats::
        NOT_PUTABLE: 0, ALL_CHANNEL_DOWN: 192
        CHANNEL_FLAP_CNT: 1432, SYSLOG_PKT_LOSS: 304
        PARTIAL_REWRITE_CNT: 0
    Permit-hostdown logging: enabled
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level debugging, 28939035 messages logged