Hi does anybody know if the buffered events are sent in any

Question

Hi does anybody know if the buffered events are sent in any specific order In example i have some hundreds agents collecting events in this case collecting from the `syslog events` table osquery is configured to send to a tls endpoint and the tls endpoint stops working for 3 hours Once the tls endpoint is responsive again osquery starts sending data but will it come in any order Will it start sending older events first and newer after Or will the order be random Thanks

Stefano Bonicatti · Answer

It will restart sending them in the order of the oldest first

Juan Alvarez · Answer

and will priorize them over the new ones In example if i have a constant 100EPS will it send the older ones when it has room to do so

Juan Alvarez · Answer

because new events will keep coming in all the time

Stefano Bonicatti · Answer

It s not a matter of prioritization there s a single queue of JSON serialized events that gets sent to the TLS service Keep in mind though that this order is based on when the events has been serialized in the DB which might not be the same order of when it actually has been generated

Stefano Bonicatti · Answer

That been said if we are not talking about having a total order that precisely respects when they are generated then again the buffered logger sends the logs from oldest to newest

Juan Alvarez · Answer

i see so while there are still pending events to send the new events will keep getting added to the queue and will only be sent after all the older events are sent

Stefano Bonicatti · Answer

yes

Juan Alvarez · Answer

understood thanks