[root@localhost ~]# cat /etc/rsyslog.conf | grep -Ev "^#|^$"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

# 定义一个模版
$template IpTemplate,"/var/log/usg/%FROMHOST-IP%/%$YEAR%-%$MONTH%-%$DAY%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?IpTemplate
& ~  # &符号表示已经匹配处理的内容，~符号表示再也不进行其余处理

这样客户端发送过来的日志，rsyslog会根据源ip创建一个文件夹来保存日志。

测试：
通过logger命令测试发送日志
机器1：
logger -n 192.168.6.205 -p user.info "from server 1"

机器2：
logger -n 192.168.6.205 -p user.info "from server 2"

适合多个网络设备集中收集日志。