The syslog-ng Administrator Guide

The syslog-ng agent application can send messages to the server when the Windows Scheduler provides resources to the syslog-ng agent. When there are many unsent log messages in the log sources, and there is no other significant activity on the host, syslog-ng will start to send the messages to the server, possibly increasing the CPU load to 100%. After all messages have been sent, or if another application requires the resources, the CPU load decreases back to normal.

When relaying the messages from multiple sources, the syslog-ng agent sends one message at a time from each source. That way a single source with a large log traffic does not block other log sources.