diff --git a/package/etc/conf.d/destinations/rawmsg_file.conf b/package/etc/conf.d/destinations/rawmsg_file.conf
new file mode 100644
index 0000000..f5faf88
--- /dev/null
+++ b/package/etc/conf.d/destinations/rawmsg_file.conf
@@ -0,0 +1,5 @@
+destination d_rawmsg {
+ file("/opt/syslog-ng/var/archive/rawmsg/${.splunk.sourcetype}/${HOST}/$YEAR-$MONTH-$DAY-message.log"
+ template("${RAWMSG}\n")
+ );
+};
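Review bot: The file() path in d_rawmsg is built from `${HOST}` and `${.splunk.sourcetype}`, and `${HOST}` is normally taken from the received message, so a sender can influence which directories and files are created under /opt/syslog-ng/var/archive/rawmsg/. syslog-ng keeps one open file per distinct expanded filename until time-reap() closes it, so a stream of spoofed host values can exhaust file descriptors, inodes or disk. Nothing visible in this file constrains those values, so hostname validation (for example `check-hostname(yes)` on the receiving side, or a filter that routes unexpected values to a fixed directory) should be confirmed before this destination is enabled, and a comment such as `# HOST and .splunk.sourcetype are message-derived; validate upstream before use in a path` belongs above the file() line. Raw payloads are archived here with no retention setting in view, so the owner of rotation and cleanup for this directory should be stated as well.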