Posted on February 17, 2016 · Posted in Windows 10

Viewing WindowsUpdate.log in Windows 10

In Windows 10 the developers decided to get rid of the usual text format of Windows Update agent (WindowsUpdate.log) in favor of the event log service logging in the format of Event Tracing for Windows (ETW). With such an action, the developers planned to increase the performance of the logging system and reduce the space occupied by the text log on the disk.

Thus, Windows Update log files are no longer stored in the file % windir%\WindowsUpdate.log. Even though the file is still present in Windows root folder, it only says that the ETW format is used to collect logs now.

missing %windir%\WindowsUpdate.log in windows 10

Windows Update logs are now generated using ETW (Event Tracing for Windows).

Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.

For more information, please visit

The disadvantage of the new method of logging is that Windows Update logs are not available for immediate study. This is extremely inconvenient for the SCCM and WSUS support services, which often use WindowsUpdate.log to analyze update system.

To analyze Windows Update log, you can convert ETW logs in the familiar text format of WindowsUpdate.log. A new PowerShell cmdlet – Get-WindowsUpdateLog – is used for this purpose. Using the following command you can make a selection for all .etl files (they are stored in C:\WINDOWS\Logs\WindowsUpdate) and get a single log file in the usual format:

Get-WindowsUpdateLog -logpath C:\Logs\WindowsUpdate.log
Powershell Get-WindowsUpdateLog
During the first run, the cmdlet will download and install Microsoft Internet Symbol Store, then

  1. It reads the data from all .etl files
  2. The data are converted into CSV (by default) or XML format
  3. The data from the file in an intermediate format will be converted and added to the log text file specified in the LogPath parameter (if the parameter is LogPath is not specified, WindowsUpdate.log is created on the desktop of the user running the command)

Tip. Another way to analyze ETL files, but somewhat more complicated, is using Tracefmt.exe utility to receive data from .etl.

Open the log file using this PowerShell command:

Invoke-Item -Path C:\Logs\WindowsUpdate.log

Invoke-Item -Path C:\Logs\WindowsUpdate.log

Tip. Please, note that the created WindowsUpdate.log file is static and is not updated in real time as in previous Windows versions. To update its data, you need to run Get-WindowsUpdateLog cmdlet once again or create a script that automatically updates the file in real time.

To analyse how Windows Update is operating, Event Viewer logs in Applications and Services Logs -> Microsoft -> Windows -> WindowsUpdateClient may also be useful.

Related Articles