Sometimes Zabbix agent slow process log files because of some of used functions and logic (agent scans directory for each iteration and send only one line from log file) are not quite good.
Some of information which should help improve performance of log monitoring on Windows systems:
1. Windows _findnext:
Unless you have a specific reason to use the versions that specify the time size explicitly, use _findnext or _wfindnext or, if you need to support file sizes greater than 3 GB, use _findnexti64 or _wfindnexti64. All these functions use the 64-bit time type in Visual C++ 2005. In previous versions, these functions used a 32-bit time type. If this is a breaking change for an application, you might define _USE_32BIT_TIME_T to get the old behavior. If _USE_32BIT_TIME_T is defined, _findnext, _finnexti64 and their corresponding Unicode versions use a 32-bit time.
So http://msdn.microsoft.com/en-us/library/6tkkkc1y(v=vs.80).aspx recommend use _wfindnext instead of _findnext for files bigger than 3GB.
2. _wstat64 is used for getting information about stats. We should use _wstati64 instead of _wstat64:
Variations of these functions support 32- or 64-bit time types, and 32- or 64-bit file lengths. The first numerical suffix (32 or 64) indicates the size of the time type used; the second suffix is either i32 or i64, indicating whether the file size is represented as a 32-bit or 64-bit integer.
3. For Windows we can use notification ReadDirectoryChangesW from http://msdn.microsoft.com/en-us/library/aa365261(VS.85).aspx (it is similar inotify for Linux).
Most of interesting is third point. With it we can wait changes of specified directory.