New Windows Update LOG

Nice to see that Microsoft has changed the Windows Update log from the ETL file format to a readable LOG format.

In older Windows 10 versions (builds), if you wanted to open the good old WindowsUpdate.log to see what happened during patch installation, you had to follow these steps: https://blogs.technet.microsoft.com/charlesa_us/2015/08/06/windows-10-windowsupdate-log-and-how-to-view-it-with-powershell-or-tracefmt-exe/

For example, you had to download symbols and other funny stuff just to read one log.

That was a little curious, for some reason.

When you opened the log file, it contained only a note explaining what you had to do to read it:

[Screenshot: WindowsUpdate.log opened in Notepad, with the text:]

Windows Update logs are now generated using ETW (Event Tracing for Windows). Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log. For more information, please visit http://go.microsoft .

In the end, if you used the Get-WindowsUpdateLog PowerShell command, you had only some *.etl files.

That was not really helpful.

Now times have changed:

In Windows 10 version 1703, if you run the PowerShell command Get-WindowsUpdateLog, the .etl files are dumped into some tmp files and end up in a log file on your user desktop!

[Screenshot: Get-WindowsUpdateLog console output. It lists the input files, such as c:\WINDOWS\logs\windowsupdate\windowsupdate.20170424.080448.748.1.etl, and the temporary dump files under \AppData\Local\Temp\WindowsUpdateLog\ (wuetl.csv.tmp.00004, wuetl.csv.tmp.00005), reports "The command completed successfully." and ends with "WindowsUpdate.log written to" followed by the path \Desktop\WindowsUpdate.log]

You can open it in Notepad, and there we go with a readable version 🙂

Like:

[Screenshot: the converted WindowsUpdate.log in Notepad. Entries from 2017.04.24, 14:42:16 to 14:42:17, process 7236, thread 9780, components IdleTimer, Misc, Agent, Handler and Shared. Message column:]

[agent]Idle timer disabled in preparation for service shutdown
[agent]WUTaskManager uninit
[agent]Earliest future timer found:
[agent] Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2017-04-25 0
[susenginelib]CreateSessionStateChangeTrigger, TYPE:2, Enable:No
[susenginelib]CreateSessionStateChangeTrigger, TYPE:4, Enable:No
[agent]Agent uninit
[lib]CUHCbsHandler::CancelDownloadRequest called
[agent]Reporter uninit
[agent]network cost manager uninit
[agent]Eventer uninit
[agent]ServiceManager uninit
[agent]PersistentTimeoutScheduler uninit
[agent]datastore uninit
[agent]setting cache uninit
[agent]security checker uninit
[agent]Test Hook uninit
[agent]IdleTimer uninit
[susenginelib]SleepStudyTracker: No longer monitoring sleep study events.
[agent] * END * Service exit Exit code

OK, if you would like to change the log file path, no problem, use this command:

Get-WindowsUpdateLog -LogPath C:\temp\test.log

There are some more options, see get-help Get-WindowsUpdateLog:

NAME
    Get-WindowsUpdateLog

SYNOPSIS
    Merges Windows Update .etl files into a single log file.

SYNTAX
    Get-WindowsUpdateLog [[-ETLPath] <String[]>] [[-LogPath] <String>] [[-SymbolServer] <String>] [-ForceFlush] [-InformationAction {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}] [-InformationVariable <String>] [-ProcessingType {CSV | XML}] [-Confirm] [-WhatIf] [<CommonParameters>]

DESCRIPTION
    The Get-WindowsUpdateLog cmdlet merges and converts Windows Update .etl files into a single readable WindowsUpdate.log file. Windows Update Agent uses Event Tracing for Windows (ETW) to generate diagnostic logs. Windows Update no longer directly produces a WindowsUpdate.log file. Instead, it produces .etl files that are not immediately readable as written.

    This cmdlet requires access to a Microsoft symbol server.

RELATED LINKS
    WindowsUpdate_Cmdlets

REMARKS
    To see the examples, type: "get-help Get-WindowsUpdateLog -examples".
    For more information, type: "get-help Get-WindowsUpdateLog -detailed".
    For technical information, type: "get-help Get-WindowsUpdateLog -full".
    For online help, type: "get-help Get-WindowsUpdateLog -online"
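Once the log is readable text, it can be parsed into objects and filtered, for example to check what the update agent did on a machine. This is an added example, not code from the original post or from Microsoft; the column layout (date, time, process ID, thread ID, component, message), the function name ConvertFrom-WindowsUpdateLogLine and the sample lines are assumptions constructed for illustration.

```powershell
# Added example: parse converted WindowsUpdate.log lines into objects.
# Assumed layout: date  time  PID  TID  component  message.
function ConvertFrom-WindowsUpdateLogLine {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    process {
        $pattern = '^(?<date>\d{4}[./-]\d{2}[./-]\d{2})\s+(?<time>\d{2}:\d{2}:\d{2}\.\d+)\s+' +
                   '(?<procid>\d+)\s+(?<tid>\d+)\s+(?<component>\S+)\s+(?<message>.*)$'
        if ($Line -match $pattern) {
            [pscustomobject]@{
                Date      = $Matches['date']
                Time      = $Matches['time']
                ProcessId = [int]$Matches['procid']
                ThreadId  = [int]$Matches['tid']
                Component = $Matches['component']
                Message   = $Matches['message'].Trim()
            }
        }
        # Lines that do not match (blank or wrapped lines) are skipped.
    }
}

# Constructed sample lines (not real log output); the last one carries a
# made-up failure message with an HRESULT-style code.
$sample = @'
2017/04/24 14:42:16.5583377 7236  9780  IdleTimer       Idle timer disabled in preparation for service shutdown
2017/04/24 14:42:16.5583589 7236  9780  Misc            WUTaskManager uninit
2017/04/24 14:42:16.6299904 7236  9780  Agent           Agent uninit
2017/04/24 14:42:17.8418605 7236  9780  Agent           * END * Service exit
2017/04/25 08:00:01.0000000 1111  2222  Handler         Constructed failure line, error = 0x80070005
'@ -split "`r?`n"

$entries = $sample | ConvertFrom-WindowsUpdateLogLine

# How many entries each component wrote.
$entries | Group-Object Component | Sort-Object Count -Descending |
    Select-Object Name, Count

# Entries that mention an HRESULT-style failure code (0x8.......).
$entries | Where-Object { $_.Message -match '0x8[0-9A-Fa-f]{7}' } |
    Select-Object Date, Time, Component, Message

# On a real system, feed the file written by the cmdlet instead:
#   Get-WindowsUpdateLog -LogPath C:\temp\test.log
#   Get-Content C:\temp\test.log | ConvertFrom-WindowsUpdateLogLine
```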

Have fun reading old-school Windows Update logs 😉