[syslog-ng] Odd issue from MS Windows with file date stamps

[Evan Rempel]

I am having an issue with tailing log files in Ms Windows.

I have configured the Syslog-ng Agent for windows to tail the latest 
file in a folder.
This works very well.
At some point the application decides it is going to "foll over" its log 
files so it start
a new log file.

At the point the new log file is created, the modified time of the new 
file is set, and it does
NOT change until the file is closed (that alone seems odd, but I have 
watched this happen).

Since the old/previous log file had some data in flight, by the time it 
flushes to disk and the file
is closed it is after the new file has been created. The old/previous 
file gets its modified time updated,
and now it appears to be the most recent.

The result is that the "current" file does not appear as the most recent 
until such time as it is closed.
syslog-ng then dumps the entire file to the central syslog server and 
then waits until the new file
gets closed.

This means that the central syslog server receives the log messages in 
batches every 10-15 minutes, or however
long it takes for the next file to reach its maximum size and get rolled 
over.

Has anyone experienced this?

More to the point, can anyone offer a solution?

Evan.