This snippet should work. I saved it under /etc/rsyslog.d/local-network.conf # v5 config – docs used: http://www.rsyslog.com/doc/v8-stable/historical/multi_ruleset_legacy_format_samples.html $template HostBasedLog,”/var/log/network/%HOSTNAME%/%$YEAR%/%$MONTH%/%HOSTNAME%.log” $RuleSet remote *.* ?HostBasedLog # UDP config reverted in main config, and re-enabled here, in similar order # as main TCP example (I even enable the module here too) $ModLoad imudp # bind ruleset to udp listener […]