In Windows 10 the developers decided to get rid of the usual text format of Windows Update agent (WindowsUpdate.log) in favor of the event log service logging in the format of Event Tracing for Windows (ETW). With such an action, the developers planned to increase the performance of the logging system and reduce the space occupied by the text log on the disk.
Thus, Windows Update log files are no longer stored in the file % windir%\WindowsUpdate.log. Even though the file is still present in Windows root folder, it only says that the ETW format is used to collect logs now.
The disadvantage of the new method of logging is that Windows Update logs are not available for immediate study. This is extremely inconvenient for the SCCM and WSUS support services, which often use WindowsUpdate.log to analyze update system.
To analyze Windows Update log, you can convert ETW logs in the familiar text format of WindowsUpdate.log. A new PowerShell cmdlet – Get-WindowsUpdateLog – is used for this purpose. Using the following command you can make a selection for all .etl files (they are stored in C:\WINDOWS\Logs\WindowsUpdate) and get a single log file in the usual format:
- It reads the data from all .etl files
- The data are converted into CSV (by default) or XML format
- The data from the file in an intermediate format will be converted and added to the log text file specified in the LogPath parameter (if the parameter is LogPath is not specified, WindowsUpdate.log is created on the desktop of the user running the command)
Open the log file using this PowerShell command:
Invoke-Item -Path C:\Logs\WindowsUpdate.log
To analyse how Windows Update is operating, Event Viewer logs in Applications and Services Logs -> Microsoft -> Windows -> WindowsUpdateClient may also be useful.