GETLOG version 3.0.14 - January 5, 2005
RETRIEVE LINKSYS ROUTER'S INTERNAL LOGS
GETLOG (GL) finds and stores log records for events that
occurred while WallWatcher (WW) was not running.
A normal logging program receives log messages from the
Router as it sends them, so the program must be running on a computer when
the log messages are sent. Records sent at other times are just lost,
since nothing receives or saves them.
GETLOG tries to find lost records by contacting
the Router and retrieving the same HTML pages your Browser displays when
you're signed onto the Router and looking at the logs on the "LOG" tab.
If the Router was on while WW was off, those pages may contain some
or all of the lost records.
Most Linksys BEF-series Routers
only store about 70 log records of each type (Incoming and Outgoing), so
if there's much overnight traffic, the older lost records may no longer
be in the Router. GL can compare the Router logs with WW's,
fill in some of the timestamps, and highlight the lost records. It
displays these logs and can create WallWatcher-compatible files
from them. Because the Router's records don't have their own timestamps
and may be in different sequence from the WW logs, this match is
inherently imperfect.
The Linksys BEFSX, WAG54G
(version 1), and BEFVP41 series Routers have an extra internal
log (the System Log) that can store up to 1,000 records. Those records
contain timestamps and more information than the original internal logs.
GL can display that System Log, do a very good match with the WW
logs, and merge the missing records directly into your WallWatcher
logs. The quality of this match is mostly limited by the clock drift
between the Router and your computer, and GL can often compensate
for that.
NOTE: GetLog cannot retrieve
the System Log from all BEFSX41 Firmware versions.
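The System Log match described above, sketched as an added example (this is not GETLOG's own code): it estimates the Router-to-PC clock offset from records that occur exactly once in both logs, then reports Router records that have no WallWatcher counterpart. The record layout, sample data, 5-second tolerance and function names are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

def rec(ts, direction, ip, port):
    return (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), direction, ip, port)

# Constructed sample data, not real router output. Router clock runs ~37 s behind the PC.
ROUTER_SYSLOG = [
    rec("2005-01-04 23:59:10", "I", "203.0.113.7", 135),
    rec("2005-01-04 23:59:30", "O", "198.51.100.20", 80),
    rec("2005-01-05 03:10:00", "I", "203.0.113.7", 445),   # arrived while WW was off
    rec("2005-01-05 03:12:05", "I", "192.0.2.99", 1434),   # arrived while WW was off
    rec("2005-01-05 07:00:00", "I", "203.0.113.7", 445),
    rec("2005-01-05 07:05:00", "O", "198.51.100.21", 443),
]
WW_LOG = [  # the same events as stamped by the PC clock
    rec("2005-01-04 23:59:47", "I", "203.0.113.7", 135),
    rec("2005-01-05 00:00:07", "O", "198.51.100.20", 80),
    rec("2005-01-05 07:00:38", "I", "203.0.113.7", 445),
    rec("2005-01-05 07:05:37", "O", "198.51.100.21", 443),
]

def estimate_offset(router, ww):
    """Median (PC time - Router time) over records unique in both logs."""
    r_count = Counter(r[1:] for r in router)
    w_count = Counter(w[1:] for w in ww)
    w_time = {w[1:]: w[0] for w in ww}
    deltas = [(w_time[r[1:]] - r[0]).total_seconds()
              for r in router if r_count[r[1:]] == 1 and w_count[r[1:]] == 1]
    return timedelta(seconds=median(deltas)) if deltas else timedelta(0)

def find_missing(router, ww, offset, tolerance=timedelta(seconds=5)):
    """Router records, re-stamped to PC time, that have no WW counterpart."""
    unused = list(ww)
    missing = []
    for r in router:
        corrected = r[0] + offset
        hit = next((w for w in unused
                    if w[1:] == r[1:] and abs(w[0] - corrected) <= tolerance), None)
        if hit is not None:
            unused.remove(hit)      # one WW record can satisfy only one Router record
        else:
            missing.append((corrected,) + r[1:])
    return missing

OFFSET = estimate_offset(ROUTER_SYSLOG, WW_LOG)
MISSING = find_missing(ROUTER_SYSLOG, WW_LOG, OFFSET)
```

With the offset forced to zero, every record in this sample falls outside the tolerance and is reported as lost, which is why the drift estimate matters.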
GETLOG can also monitor
the Router's real IP Address and log any changes to a disk file.
If you are using a Linksys Router whose internal
logs provide correct timestamps (such as the BEFSX41), GETLOG
can also maintain a special log file for the myNetWatchman Agent.
SECURITY and USABILITY ISSUES - PLEASE READ THIS SECTION
-
To use GETLOG, you have to supply the logon Password that allows access
to the Router. This is not the password you use to log onto your
ISP, but still is a potential security exposure, since you can't be sure
what GETLOG does with it.
-
If you use the "Save Password" feature, this password will be saved in
a disk file in a minimally-encrypted format. That is another potential
security exposure, since a determined "hacker" with access to your hard
drive may be able to decipher the Router's password.
-
As noted below, the "Convert IP Address" feature can take a long time to
complete.
Please consider these issues when deciding whether or
not to use this program.
INSTALLATION
-
To install the program, extract GetLog.exe and
GetLog_Readme.html
(this file) from GETLOG.ZIP. If you're using WallWatcher, place them
in the WallWatcher folder; otherwise, put them in any folder you like.
-
Double-click GetLog.exe. If its
window appears, you can skip the rest of this Installation section.
If you get an error message but no application window, it's probably because
one or more required system files are missing from your system or are an
incompatible version.
-
GETLOG needs three special system files. If you're using WallWatcher,
those files are already installed. Otherwise, they may or may not already
be in your Windows\System32 or Windows\System folder:
-
MSVBVM50.DLL - this almost always is
included with Windows. If it is not on your system, you can download
and install it from Microsoft's website.
-
MSFLXGRD.OCX and MSINET.OCX
-
If either of these is not properly installed on your system, you will get
an "Unexpected Error" message when trying to start GETLOG. You will
have to obtain and install them to continue.
-
They are in the WallWatcher "Library", which is available at the WallWatcher
website.
-
The WallWatcher "SETUP" program installs them automatically, but if you're
not using WW or prefer to do it yourself:
-
download the "Library" and extract these two OCX files from it
-
find the System folder that contains MSVBVM50.DLL. That will be
WINDOWS\SYSTEM32 or WINDOWS\SYSTEM, depending on the version of Windows
you are using.
-
if other versions of these OCX's are already in that folder, rename them
in case you need them later.
-
copy the downloaded OCX's to that System folder
-
click the Windows START button
-
click "Run"
-
type: REGSVR32 WINDOWS\SYSTEM32\MSFLXGRD.OCX
-
specify the correct SYSTEM folder (SYSTEM or SYSTEM32)
-
click "OK", then repeat this procedure for MSINET.OCX
-
a message saying "Registration succeeded" should appear each time.
After registering both OCX's, try GETLOG again. If it still fails,
please contact the author at support@wallwatcher.com and
explain your software configuration and what's happening.
BASIC OPERATION
To start the program, double-click GETLOG.EXE or
a shortcut you make to it. The first time you ever run GL,
its Options pane should appear on the screen.
-
If the default LAN IP address of the Router (192.168.1.1) is incorrect,
change it;
-
Enter the Password the Router expects for a logon;
-
If you want the program to save the Router password, so that you don't
have to enter it every time you use the program, make sure that "Save Password"
is checked.
-
Click "OK". You can experiment with the other options later on.
-
GL should start collecting log records from the Router.
-
If you haven't given the correct address and password of the Router, GetLog
will freeze for up to a minute and then tell you it couldn't find the Router.
Enter the correct information and try again.
-
If you're running a software firewall, it should intercept GETLOG's first
attempt to access the Router. You will have to tell the firewall
to allow those contacts. Since GETLOG times out after a couple of
seconds, it will fail while you're telling the firewall to allow it to
operate. So, after you finish adjusting your firewall, just click
GL's "Run" button again. It should work the second time and thereafter.
-
Some software firewalls will require you to re-authorize each upgrade to
GL.
-
Once these one-time steps have succeeded, GL will begin collecting
log records immediately on subsequent runs.
ADVANCED OPERATION
The OPTIONS button displays the various ways
you can customize GL for your router and preferences.
-
As you move the mouse pointer over each option, an explanation of its use
will appear in the window. They are not explained here.
-
When GETLOG begins, it looks for previously-saved options, which are kept
in "GETLOG.INI". If it finds that file, it retrieves the logs automatically,
without waiting for you to click "RUN". Once the logs have been displayed,
"RUN" changes to "REFRESH", since you can ask GL to retrieve updated
logs at any time.
-
If GL finds WallWatcher log files and the "Compare with WW logs"
option is checked, it will compare their contents to the log records it
has retrieved directly from the Router.
-
Non-SysLog compares: if GL finds a match, it copies the date
and time from the WW record to the list on the screen. These date/time
stamps may help you estimate when the non-matching events occurred.
-
This comparison usually is reasonably accurate, but sometimes is wildly
wrong. Various conditions can cause GL to flag groups of records
that actually are in the WW logs, or to not flag records that should
be flagged.
-
SysLog compares (BEFSX41): the Router logs contain timestamps, and
they are included in the comparisons.
-
The comparison should be perfectly accurate, or nearly so, since the SysLog
has good timestamps, full 'port' information, and is in the same
sequence as the WW logs.
-
if a GL record is in one of WW's "don't log" lists, it will
be shaded in light gray and ignored
-
if a GL log record is not found in the WW logs and is
not in a "don't log" list, it will be highlighted in light blue.
-
GL can attempt to convert IP Addresses to URL's (names) and vice
versa, using a reverse DNS or normal DNS lookup. You can enable or
disable these conversions by checking or unchecking Convert IP's to
URL's and Convert URL's to IP's.
-
CAUTION: These lookups normally are
very fast, but some attempts to convert an IP to a URL can take up to a
minute for each address lookup (usually because no name is
available). GETLOG has no control over this, so if this delay occurs
on each of several log records, the program may seem to stall for several
minutes.
-
If you are running Windows XP or Windows 2000, GL will use a DNS-only
lookup that avoids the possible use of a NetBios lookup. This is
faster and more secure, but won't find as many names as a full-scale lookup.
-
GETLOG "caches" the addresses, so subsequent lookups of the same address
or URL will be almost instantaneous.
-
If the conversion process takes too long, you can click the "Cancel" button
ONCE and then wait (up to a minute) for the current lookup to complete, after
which the remaining conversions will be skipped. If you click "Cancel"
more than once, GL will terminate after the current lookup times
out.
-
Old-style internal logs do not contain as much information as the WallWatcher
logs. GETLOG scans the Remote port field, and when it finds a port
name ("service") it adds the port number to it, so you will see it both
ways. The newer System Log in the BEFSX series contains all of the
information that is in the WW logs.
-
The "Monitor IP Address
changes" option tells GETLOG to check the Router's Real IP Address
every five seconds, and to record time-stamped changes in a log file called
"IPADDRESSLOG.TXT".
-
This is only useful if your ISP changes your IP Address from time to time,
and if you have a special reason for needing to know the current address
and when it changes.
-
You must keep GETLOG running for this monitoring to be effective.
You can minimize it (but not to the Tray) to get the window off the screen.
-
Each time you start GETLOG with this option enabled, it will record the
current address in its log file.
-
The current IP Address will be displayed in of GETLOG's window if you use
this option.
-
If your Router supports the larger, more complete System Log, GL
will display an additional option to let you use it, which you definitely
want to do. When that option is "checked", additional options
will appear in the window. They are unique to the System Log, and
are neither displayed nor available for use with the original Incoming/Outgoing
logs.
-
GL's Options are explained in detail on-screen when you're using
them: just move the mouse pointer over an option to see the explanation.
-
The "Save all" button is only available
with old-style Router logs (all supported Routers have these). The
button saves the Input and Output logs in a single file (oldest record
first), in the same format as a WallWatcher log file. If possible,
it saves them in the same directory WallWatcher uses for logging.
You can use all of WallReViewer's features to analyse these logs.
The filename will be "LOG yyyy-mm-dd hhmm.txt",
(the date and time you clicked the button).
-
Since the actual dates and times were not recorded by the Router, GETLOG
timestamps each record as follows:
-
If no matching WW log records were found, GETLOG uses the date/time
when you clicked the "Save" button.
-
If some matching WW log records were found, GETLOG uses those date/times
for the matching records, and calculates slightly earlier or later times
for the non-matching records. Don't try to use the calculated times
to determine just when the actual events occurred, because they're not,
and cannot be, accurate.
-
Since some fields in normal log records are not present in the internal
logs, GETLOG fills those in with zeros. It saves the Remote Port
numbers, not their service names, because WallReViewer can supply the names.
-
The "Save highlighted" (or "Update
the WallWatcher logs") button saves only the log entries highlighted
in light blue (the ones GETLOG couldn't match with WallWatcher log entries,
and which presumably were not captured or logged by WW). If
you are using the Input/Output logs, these records are saved as described
for the "Save All" button. If you are using the BEFSX "System Log",
the records will be merged directly into the WallWatcher logs.
-
Clicking on any Address, URL, or Message in a
log record brings up a menu with one or more of these choices:
-
Lookup Remote Address (or URL/IP)
This attempts to do a DNS or Reverse DNS lookup on the IP Address or
URL you've chosen. The result will appear in a pop-up box and remain
on the screen until you move the mouse. Please note that Reverse
DNS lookups (Address to Name) can take up to a minute, as explained earlier.
-
Copy to Clipboard
This copies the Address, URL/IP, or Message to the clipboard; you can
paste that value into some other program.
-
Mark this record for logging (SysLog
only)
tells GL to log a record even if it's in the "Don't log" list
you've created with WW ("HideAddr.txt", "HidePort.txt")
-
UnMark this record for logging (SysLog
only)
tells GL not to log a record even if it's not in the "Don't
log" list
-
Mark all records similar to this one
for logging (SysLog only)
tells GL to log all records like this one, even if they are
in the "Don't log" list. "Similar" means the same Remote IP address,
or the same Remote URL, or the same Message.
-
UnMark all records similar to this
one for logging (SysLog only)
tells GL not to log any records like this one, even if they
are not in the "Don't log" list. "Similar" means the same Remote
IP address, or the same Remote URL, or the same Message.
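The non-SysLog compare and the "Save all" timestamp rules described above, sketched as an added example (this is not GETLOG's own code): Router records carry no timestamps, so they are aligned to the WallWatcher log by sequence, matched records copy WW's time, and unmatched records are highlighted and given an estimate. Python's difflib stands in for GL's matcher; the record layout, sample data and one-second step are assumptions.

```python
from datetime import datetime, timedelta
from difflib import SequenceMatcher

# Constructed sample data. Router's internal Incoming log, oldest first, with NO
# timestamps: (source IP, destination port).
A, B = ("203.0.113.7", 135), ("198.51.100.9", 445)
C, D = ("192.0.2.99", 1434), ("198.51.100.44", 139)
ROUTER_LOG = [A, B, C, A, D]
T0 = datetime(2005, 1, 5, 1, 0, 0)
# WallWatcher log with PC timestamps; WW was off while C and the second A arrived.
WW_LOG = [(T0,) + A, (T0 + timedelta(seconds=40),) + B, (T0 + timedelta(hours=6),) + D]
SAVE_TIME = datetime(2005, 1, 5, 8, 30, 0)    # when "Save" was clicked

def align(router, ww, save_time):
    """Return [(timestamp, lost, record)] for each Router record, oldest first."""
    sm = SequenceMatcher(None, router, [w[1:] for w in ww], autojunk=False)
    stamp = {}
    for a, b, n in sm.get_matching_blocks():
        for k in range(n):
            stamp[a + k] = ww[b + k][0]        # matched: copy WW's date/time
    out = []
    for i, r in enumerate(router):
        if i in stamp:
            out.append((stamp[i], False, r))
            continue
        prev = max((j for j in stamp if j < i), default=None)
        nxt = min((j for j in stamp if j > i), default=None)
        if prev is not None:                   # slightly later than the last match
            est = stamp[prev] + timedelta(seconds=i - prev)
        elif nxt is not None:                  # slightly earlier than the next match
            est = stamp[nxt] - timedelta(seconds=nxt - i)
        else:                                  # nothing matched: use the save time
            est = save_time
        out.append((est, True, r))             # True = highlight as lost
    return out

def lost_indices(result):
    return [i for i, (_, lost, _) in enumerate(result) if lost]

RESULT = align(ROUTER_LOG, WW_LOG, SAVE_TIME)
```

The estimates for the two lost records land seconds after 01:00:40 even though the events could have occurred at any point in the following six hours, and if WW logged two events in the opposite order from the Router, one of them is highlighted although it was never lost.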
You can DOWNLOAD
GETLOG from here. The page you're reading now is included
with the program.
UPDATES
Version | Change
3.0.14  | new: support for newer Firmware versions of BEFSX41
        | new: support for some Firmware versions of BEFVP41
        | new: support more wheelmice
        | new: allow entry of Logon ID if router needs it
3.0.13  | new: BEFSX41 only: support extended record type codes "P" (passed) and "B" (blocked) if WallWatcher is using them.
3.0.12  | fix: BEFSX41 only: "Error 13" could occur when using certain Regional language selections in Windows
        | fix: BEFSX41 only: With certain Firmware versions, only the first of the Router's ten SysLog pages was retrieved
        | fix: "Error 5" could occur with the run-time option "/auto"
        | fix: "Error 5" could occur when not using the "save password" option. This problem began in version 3.0.11.
        | fix: Error in the on-screen "Help" instructions for running GetLog automatically.
3.0.11  | change: store weakly-encrypted Router password in Registry instead of GetLog.Ini
3.0.10  | new: added separate options for IP->URL and URL->IP lookups
        | new: filter "M"essages as well as normal traffic records
        | fix: "M"essage filtering sometimes failed
2.0.25  | recognize "disabled" entries in the hide/nolog lists
2.0.24  | support WallWatcher 2.2.20's more flexible "don't log Message" capabilities
2.0.23  | Was logging records in WallWatcher's "Don't Log these ports" list
2.0.22  | Support the Linksys WAG54G (someone else contributed this), and the BEFSX41's Firmware ver. 1.50.9 (another contribution).
2.0.21  | Support a second way of logging onto the Router (this is an internal change to the program, not part of the User Interface).
2.0.20  | Make Tooltip text use the System color for Tooltips (visibility)
        | Provide fine-tuning controls for waiting for the Router to respond.
2.0.19  | Didn't match ICMP records properly on BEFSX41
2.0.18  | Another fix to the date bug in the BEFSX41
2.0.17  | Converts Local IP Addresses to names, if WallWatcher is also doing so (WW's OPTIONS | Special menu)
2.0.16  | User-specified non-standard Router LAN address was not necessarily given preference over default address
2.0.15  | Do a better job of adjusting date to correct a bug in the BEFSX41
2.0.14  | Adjust date to correct a bug in the BEFSX41's SysLog
2.0.13  | Avoid occasional duplicate records in mNW log reporting
2.0.12  | Improved matching of non-SysLog Routers with WW logs.
2.0.11  | Improved matching of non-SysLog Routers with WW logs
2.0.10  | Added support for the System Log in BEFSX series Routers. This is a major revision of the program.
1.0.24  | 'Copy Remote IP/Address' erroneously copied the local address.
1.0.23  | Program failed if started minimized; now it still runs.
        | If logs are empty or unavailable, the warning message appears in the GETLOG window instead of in a separate message.
1.0.22  | Option to monitor Router's Real IP Address and record when it changes.
1.0.21  | Slightly changed how GL waits for the Router's pages. The original way didn't work on some systems.
1.0.20  | Added pop-up menu to let you Lookup an IP Address or Name, or to Copy to Clipboard.
1.0.19  | Fixed cosmetic error in how some captions were shown.
1.0.18  | Fixed an error in comparing the Inbound log with WW logs
1.0.17  | Added "Compare with WW logs" and "Compare with other GetLog logs" checkboxes
1.0.16  | Sometimes didn't find alternate log directory
1.0.15  | fixed "bound check" error copying to clipboard
1.0.14  | Log headers show # of highlighted records
1.0.13  | Fixed a problem introduced in 1.0.12: program started but never appeared on-screen.
1.0.12  | Copy date/time from matching WW records to GL records.
1.0.11  | Included WallWatcher's "no log" address and port lists when deciding what to highlight.
1.0.10  | Added "Save hilited only" button.
        | Included GETLOG's logs as well as WallWatcher's when deciding what to highlight.
1.0.09  | Improved comparison of HTML logs and WallWatcher logs (they aren't always in the same order).
SUPPORT
Please send feedback, questions, and problem reports to: support@wallwatcher.com.
Please include either "GetLog" or "WallWatcher" in the SUBJECT
to bypass the spam filters.