rsyslog is a tool for writing log messages to log files. By default, rsyslog listens on port 514. The config file is in:
nano /etc/rsyslog.d/my_log.conf
You can write many rules in it, like this:
$template mydirectory_1,"/var/log/prod1/%FROMHOST-IP%/%syslogfacility-text%.log"
$template mydirectory_2,"/var/log/prod2/%FROMHOST-IP%/%syslogfacility-text%.log"
$outchannel my_warning,/var/log/my_log/warning.log
if $fromhost-ip=='172.16.111.111' then ?mydirectory_1
if $fromhost-ip=='172.16.111.222' then ?mydirectory_2
...
if $hostname startswith 'myhost' and $msg contains 'Warning:' then :omfile:$my_warning
& stop
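
The same rules written in rsyslog's newer RainerScript syntax, as an added example that is not part of the original page. It assumes messages arrive over UDP through the imudp module; the ruleset name "remote" and the directory and file modes are choices made for this example.

```conf
# Added example: the rules above in RainerScript form.
# Assumption: remote messages arrive over UDP via imudp on port 514.
module(load="imudp")

# Bind the listener to its own ruleset, so only messages received on this
# socket are evaluated by the rules below (local messages are not).
input(type="imudp" port="514" ruleset="remote")

# Same dynamic file names as the $template lines on the page.
template(name="mydirectory_1" type="string"
         string="/var/log/prod1/%FROMHOST-IP%/%syslogfacility-text%.log")
template(name="mydirectory_2" type="string"
         string="/var/log/prod2/%FROMHOST-IP%/%syslogfacility-text%.log")

ruleset(name="remote") {
    # $fromhost-ip is the address rsyslog received the message from.
    if $fromhost-ip == '172.16.111.111' then {
        # Modes are example values: keep the per-host logs off world-readable.
        action(type="omfile" dynaFile="mydirectory_1"
               createDirs="on" dirCreateMode="0750" fileCreateMode="0640")
    }
    if $fromhost-ip == '172.16.111.222' then {
        action(type="omfile" dynaFile="mydirectory_2"
               createDirs="on" dirCreateMode="0750" fileCreateMode="0640")
    }

    # $hostname and $msg are parsed from the message content itself.
    if $hostname startswith 'myhost' and $msg contains 'Warning:' then {
        action(type="omfile" file="/var/log/my_log/warning.log"
               fileCreateMode="0640")
        stop    # same effect as "& stop": no further processing of this message
    }
}
```

The file can be checked for syntax errors with rsyslogd -N1 before restarting the service.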