blog.colemberg.ch

New Windows Update LOG

by

mirko colemberg
in ,

Nice to see that Microsoft has changed the Log from Windows Update from

the ETL file format, to a readable LOG format.

In older Windows 10 versions (Builds) if you like to open the old and nice

WindowsUpdate.log to see what’s happen in patch installing, you must follow these steps: https://blogs.technet.microsoft.com/charlesa_us/2015/08/06/windows-10-windowsupdate-log-and-how-to-view-it-with-powershell-or-tracefmt-exe/

Like you have to download some Symbols and funny stuff to read on log.

That was a little curios for some reason.

When you open the Log File is always only a link in there that explain

you what you have to do to read that:

WindowsUpdate.log - Notepad File Edit Format View Help Windows Update logs are now generated using E TW (Event Tracing for Windows). Please run the Get-WindowsUpdateLog PowerShe11 command to convert E TW traces into a readable WindowsUpdate.10g. For more information, please visit http://go.microsoft .

In the end you have only some *.etl files if you use the Get-WindowsUpdateLog PowerShell Command.

That was not really helpful.

Now the time has Changed;

In Windows 10 1703 version

If you run the PowerShell command Get-WindowsUpdateLog

the etl files will be dumped in some tmp files and ended

File(s): c: \WINDOWS\I ogs ndowsupdate\wi ndowsupdate . c: \WINDOWS\I ogs ndowsupdate\wi ndowsupdate . c: \WINDOWS\I ogs ndowsupdate\wi ndowsupdate . c: \WINDOWS\I ogs ndowsupdate\wi ndowsupdate . c: \WINDOWS\I ogs ndowsupdate\wi ndowsupdate . c: \WINDOWS\I ogs ndowsupdate\wi ndowsupdate . c: \WINDOWS\I ogs ndowsupdate\wi ndowsupdate . c: \WINDOWS\I ogs ndowsupdate\wi ndowsupdate . c: \WINDOWS\I ogs ndowsupdate\wi ndowsupdate . c: \WINDOWS\I ogs ndowsupdate\wi ndowsupdate . o . 000/051. 20170421.084333 . 259 . 20170421.092107. 506. 20170421. 124008. 698 . 20170421. 135201.074. 20170421. 143813 . 816 . 20170421. 152947. 643 . 20170421. 161755 .920. 20170421. 165129.038. 20170421. 204714. 128 . 20170422 .044255 . 311. output DumpFi1e: he command completed successfully. Input File(s): . \AppData\Loca1 \ Temp\wi ndowsupdateLog\wuet1 . csv. tmp .00004 c: \WINDOWS\I ogs\wi ndowsupdate\wi ndowsupdate . 20170424.080448.748.1. etl c: \WINDOWS\I ogs\wi ndowsupdate\wi ndowsupdate . 20170424.124007.614.1. etl c: \WINDOWS\I ogs\wi ndowsupdate\wi ndowsupdate . 20170424.143213.967.1. etl o . 000/0100 .00% output DumpFi1e: he command completed successfully. indowsupdate.log written to \ Temp\wi ndowsupdateLog\wuet1 . csv. tmp .00005 \Desktop\wi ndowsupdate . 1 og

in a log-file on your User desktop! You can open it in Notepad

and there we go with a readable version 🙂

Like:

2017 . 2017 . 2017 . 2017. 2017 . 2017 . 2017 . 2017. 2017 . 2017 . 2017 . 2017. •17.632 2017 . •17.632 2017 . •17.632 2017 . •17.840 2017. •17.840 2017 . •17.840 2017 . •17.840 2017 . •17.840 2017. •17.841 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 04. 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. 14. • 42 . • 42 . • 42 . • 42 . • 42 . • 42 . • 42 . • 42 . • 42 . •42 : 16.5583377 •42 : 16.5583589 •42 : 16.5583618 •42 : 16.5583899 •42•.16.5653854 7236 •42 : 16.5653945 •42 : 16. 6288231 •42 : 16. 6288658 •42 : 16. 6298989 •42 : 16. 6299697 •42•.16.6299904 7236 •17. 6323338 •17. 6325267 •17.6325304 7236 • 17.8401484 • 17.8401506 • 17.8401597 • 17.8401608 • 17.8408209 • 17.8418605 7236 7236 7236 7236 7236 7236 7236 7236 7236 7236 7236 7236 7236 7236 7236 7236 7236 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 9780 IdleTimer Misc Agent Agent Misc Misc Misc Handler Misc Misc Misc Misc Misc Misc Misc Misc Misc Misc Agent Shared [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. [0] IC44. 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: :04/24/2017- 2634: : 04/24/2017- 14. •42 •.16. 558 14. •42 •.16. 558 14. •42 •.16. 558 14. •42 •.16. 558 14. •42 •.16. 565 14. •42 •.16. 565 14. •42•.16.628 14. •42•.16.628 14. •42•.16.629 14. •42•.16.629 14. •42•.16.629 14. • 42 . 14. • 42 . 14. • 42 . 14. • 42 . 14. • 42 . 14. • 42 . 14. • 42 . 14. • 42 . 14. • 42 . [agent] Idle timer disabled in preparation for service shutdown [agent]WUTaskManager uninit [agent]Ear1iest future timer found: [agent] Timer: 29A863E7-8609-4DIE-B7CD-5668F857FIDB, Expires 2017-04-25 0 [susengine1ib]CreateSessionStateChangeTrigger, TYPE: 2, Enable:No [susengine1ib]CreateSessionStateChangeTrigger, TYPE :4, Enable:No [agent]Agent uninit [lib]CUHCbsHand1er: :Cance1Down10adRequest called [agent]Reporter uninit [agent]network cost manager uninit [agent]Eventer uninit [agent]ServiceManager uninit [agent]PersistentTimeoutSchedu1er uninit [agent]datastore uninit [agent]setting cache uninit [agent]security checker uninit [agent] Test Hook uninit [agent]Id1eTimer uninit [susengine1ib]S1eepStudyTracker: [agent] * END * Service exit Exit No longer monitoring sleep study events. code

Ok if you like to change the Log-File Path, no Problem, use this

command: Get-WindowsUpdateLog -LogPath C:\temp\test.log

There are some more options: get-help Get-WindowsUpdateLog

NAME

Get-WindowsUpdateLog

SYNOPSIS

Merges Windows Update .etl files into a single log file.

SYNTAX

Get-WindowsUpdateLog [[-ETLPath] <String[]>] [[-LogPath] <String>] [[-SymbolServer] <String>] [-ForceFlush]

[-InformationAction {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}] [-InformationVariable

<String>] [-ProcessingType {CSV | XML}] [-Confirm] [-WhatIf] [<CommonParameters>]

DESCRIPTION

The Get-WindowsUpdateLog cmdlet merges and converts Windows Update .etl files into a single readable

WindowsUpdate.log file. Windows Update Agent uses Event Tracing for Windows (ETW) to generate diagnostic logs.

Windows Update no longer directly produces a WindowsUpdate.log file. Instead, it produces .etl files that are not

immediately readable as written.

This cmdlet requires access to a Microsoft symbol server.

RELATED LINKS

WindowsUpdate_Cmdlets

REMARKS

To see the examples, type: “get-help Get-WindowsUpdateLog -examples”.

For more information, type: “get-help Get-WindowsUpdateLog -detailed”.

For technical information, type: “get-help Get-WindowsUpdateLog -full”.

For online help, type: “get-help Get-WindowsUpdateLog -online”

Have Fun, reading old school Windows Update Logs 😉

Comments

5 responses to “New Windows Update LOG”

  1. Kirill Nikolaev Avatar
    Kirill Nikolaev

    Hi Mirco! I am pretty sure I used Get-WindowsUpdateLog in 1511/1607 to generate a text log file too and this is something which has been around from the first release of Windows 10. The problem with the cmdlet though, is that Microsoft failed to update publicly available symbols in accordance with Windows updates, which often resulted with an empty text file.

  2. mirko colemberg Avatar
    mirko colemberg

    Yes I know, and that is why Microsoft changed that in the 1703 to have a readable File from beginning 😉 without any symbol import and so on.

  3. Kirill Nikolaev Avatar
    Kirill Nikolaev

    I don’t think they changed anything about that – it works only because WU components haven’t been updated since 1703 yet. I am sure we’ll see the old behavior after a couple of months.
    We have a support case ongoing regarding this cmdlet – AFAIK our change request hasn’t been even approved yet.

  4. mirko colemberg Avatar
    mirko colemberg

    it is, when I remember right, some information’s from the “new” Express update possibility is also in this log. I will test this and come back with another Blogpost about this.

  5. George Simos Avatar
    George Simos

    Mirko that is a very welcome change! I haven’t tried it on a clean 1703 build yet but in my Insider Preview Laptop the generated log file is mostly understandable in contrast with the past versions that were lucking symbols.
    I have also filed a feedback item as many others did in order to change the behaviour.
    However I still miss the old times real-time %windir%\windowsupdate.log file to be honest!

Leave a Reply

Follow

Get every new post delivered to your Inbox

Join other followers:

%d bloggers like this: