Syslog Server Configuraiton with rsyslog

#=============================================================
#### MODULES ####
#=============================================================
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal

## Syslog Serfer
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

#=============================================================
#### GLOBAL DIRECTIVES ####
#=============================================================
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state

# Syslog Server
$umask 0022
$FileCreateMode 0644
$DirCreateMode 0755

#=============================================================
#### RULES ####
# Rules are applied sequentially from the top
#=============================================================
# Syslog Server Rule
$template RemoteHost, "/var/log/rsyslog/%$year%/%$month%/%$day%/%hostname%.%$year%%$month%%$day%.log"
:fromhost-ip, !isequal, "127.0.0.1" -?RemoteHost
& ~

# Default Rule
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log


# Max messages is 10000 messages in 30 seconds
# you must change /etc/systemd/journald.conf.
$imjournalRatelimitInterval 30
$imjournalRatelimitBurst 10000

# Template name is RemoteHost
$template RemoteHost, "/var/log/rsyslog/%hostname%/%hostname%.%$year%%$month%%$day%.log"
:fromhost-ip, !isequal, "127.0.0.1" -?RemoteHost
& ~

# Template name is RemoteHost
$template RemoteHost, "/var/log/rsyslog/%hostname%/%$year%/%$month%/%hostname%.%$day%.log"
:fromhost-ip, !isequal, "127.0.0.1" -?RemoteHost
& ~

# Template name is RemoteHost
$template RemoteHost, "/var/log/rsyslog/%$year%/%$month%/%$day%/%fromhost%_%$year%%$month%%$day%.log"
:fromhost-ip, !isequal, "127.0.0.1" -?RemoteHost
& ~

$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1, *.example.com, 192.168.0.0/24, 10.50.0.0/16

$ModLoad imtcp
$InputTCPServerRun 514
$AllowedSender TCP, 127.0.0.1, *.example.com, 192.168.0.0/24, 10.50.0.0/16

rsyslog (rsyslog.py)

• /etc/rsyslog.conf Default Configuration
• rsyslog Facility and Severity
• Syslog Server Configuraiton with rsyslog

rsyslog (rsyslog.py)