[syslog-ng]Message queueing

[mailing lists]

This is in regards to the method in which syslog-ng queues and writes
messages to disk.

The way I understand it, syslog-ng accepts syslog messages on UDP port
514, determines what action to take, then writes each line separately
to its determined place.  Even if the queueing option is set,
syslog-ng will still write the messages one at a time into their
respective files.

If this is a correct (albeit slim) understanding of syslog-ng's
workings, I ask the following questions:

Why is this the case?  Is it possible to alter syslog-ng to queue
multiple lines and write them together in a single write to speed up
the IO process?  The reason I am asking this question is that our
syslog-ng instance will often receive thousands of requests per
second, and I believe it is the disk IO that is causing the loss of
data.  The machines are powerful enough (dual 2.8Ghz processors,
though I understand syslog-ng is not multi threading), with plenty of
memory (2GB) and storage space (500GB).

Any insight into this issue would be greatly appreciated.

Thanks,
Bill