Yo Scott!
Yo Scott!
> If all logs are sent to a unix server that does
> syslogd the log entries would go into the file
> in order no matter what timestamp is on them.syslogd can have quite large buffers.
---------------------------------------Wouldn't the buffers empty in a FIFO manner?
Nope, each local syslog waits until its local buffer is full, or timed
out, then sends to the main syslog server.
The default flush_timeout() for syslog-ng is 10 seconds. That is a long
time when debugging SIP.
http://www.syslog.org/syslog-ng/v2/
RGDS
GARY
They will empty in whatever order the implementation decides to write them.
But what's more important is the order in which the incoming packets are presented to the syslogd process. If you're listening on TCP connections, the receive order is very much determined by the strategy the syslogd implementation uses to read from FDs with available data. I.e. elevator scan, lowest/highest first, circular queue, ... In a threaded implementation, your reader workers, buffer writers, etc., are all at the mercy of the threading implementation; it's difficult to control thread dispatch ordering at that level of granularity.
--lyndon