I have been working with the log files in bro (weird.log, bro.log,
ftp.log, etc) and have noticed that they are written out in chunks of 4096
I know that this is possibly done for performance reasons, but has anyone
tried/done writing out to the log files in "real-time" (i.e., as soon as
there is data to be written out (i.e., without buffering))?

I've been wanting to add a flush directive, and/or a signal handler
(for HUP, say) that would flush the files, but haven't gotten around to

I have looked through the code looking for how and where this "buffering"
is specified and how the "chunk size" is specified to be 4096, but have
not had much success.

It's just the default size used by stdio. On my development system (FreeBSD),
it's 8192 bytes, by the way.
Note, though, that bro.log should be written unbuffered. If it's buffered
on your system, something strange is going on - there's an explicit fflush()
in Logger.cc to make sure it goes out each time it's written.
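
The buffering behaviour discussed in this thread, as an added example that is not part of the original messages and is not Bro's code: it writes one short record through stdio and checks how many bytes are visible on disk under the default full buffering, under line or no buffering, and after a flush requested via SIGHUP. The record text, file path and function names are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>

#define RECORD "constructed weird.log record\n"   /* sample line, not real Bro output */

/* The handler only sets a flag: fflush() is not async-signal-safe. */
static volatile sig_atomic_t flush_requested = 0;
static void on_hup(int sig) { (void)sig; flush_requested = 1; }

/* Bytes that have reached the file, i.e. what `tail -f` would see. */
static long on_disk_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Write one record with the given stdio mode (_IOFBF is the default for
   regular files) and report the on-disk size before any flush or close. */
long visible_after_write(const char *path, int mode) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    setvbuf(f, NULL, mode, BUFSIZ);
    fputs(RECORD, f);
    long seen = on_disk_size(path);
    fclose(f);
    remove(path);
    return seen;
}

/* Fully buffered stream that is flushed only when SIGHUP has been received. */
long visible_after_hup(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    signal(SIGHUP, on_hup);
    fputs(RECORD, f);
    raise(SIGHUP);                         /* stands in for `kill -HUP <pid>` */
    if (flush_requested) { flush_requested = 0; fflush(f); }
    long seen = on_disk_size(path);
    fclose(f);
    remove(path);
    return seen;
}

int main(void) {
    const char *p = "/tmp/stdio_buffering_demo.log";   /* hypothetical path */
    printf("BUFSIZ=%d full=%ld line=%ld hup=%ld\n", BUFSIZ,
           visible_after_write(p, _IOFBF), visible_after_write(p, _IOLBF),
           visible_after_hup(p));
    return 0;
}
```

With full buffering the record stays in the process until the buffer fills or the stream is flushed, which is why a monitor's log can lag behind the events it describes.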