Get-WindowsUpdateLog

Merges Windows Update .etl files into a single log file.

Syntax

Get-WindowsUpdateLog
   [[-ETLPath] <String[]>]
   [[-LogPath] <String>][-ProcessingType <String>]
   [-ForceFlush]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Get-WindowsUpdateLog
   [-IncludeAllLogs]
   [<CommonParameters>]

Description

The Get-WindowsUpdateLog cmdlet merges and converts Windows Update .etl files into a single readable WindowsUpdate.log file. Windows Update Agent uses Event Tracing for Windows (ETW) to generate diagnostic logs. Windows Update no longer directly produces a WindowsUpdate.log file. Instead, it produces .etl files that aren't immediately readable as written.

For Windows 10 versions prior to 1709 (OS Build 16299), this cmdlet requires access to a Microsoft symbol server, and log decoding must be run from a Windows 10 version earlier than 1709. Logs from Windows 10, version 1709 onward don't require a Microsoft symbol server, and need to be decoded from Windows 10, versions 1709 or higher.

Examples

Example 1: Merge and convert Windows Update trace files

Get-WindowsUpdateLog

Converting C:\Windows\logs\WindowsUpdate into C:\Users\Admin\Desktop\WindowsUpdate.log




    Directory: C:\Users\admin\AppData\Local\Temp\WindowsUpdateLog


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        5/30/2015  10:02 PM                SymCache

Input
----------------
File(s):
     C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.112451.395.1.etl
     C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.112502.723.1.etl
     C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.112524.191.1.etl
     C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.121921.075.1.etl
     C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122031.684.1.etl
     C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122432.434.1.etl
     C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122432.434.2.etl
     C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122432.434.3.etl
     C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122432.434.4.etl
     C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122432.434.5.etl

0.00%8.33%16.67%25.00%33.33%41.67%50.00%58.33%66.67%75.00%83.33%91.67%100.00%

Output
----------------
DumpFile:           C:\Users\admin\AppData\Local\Temp\WindowsUpdateLog\wuetl.CSV.tmp.0

The command completed successfully.

WindowsUpdate.log written to C:\Users\admin\Desktop\WindowsUpdate.log

This command merges and converts Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ETLPath

Specifies an array of paths of Windows Update .etl files to convert into WindowsUpdate.log. The default value for this parameter is the Windows Update trace file directory for the current device. The acceptable values for this parameter are:

  • The full path of a directory that contains one or more .etl files.
  • The full path of a single .etl file.
  • A comma-separated list of full paths of .etl files.
Type:String[]
Aliases:PsPath
Position:0
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ForceFlush

Indicates that this cmdlet forces the Windows Update Agent on the current device to flush all of its traces to .etl files. This process stops the Update Orchestrator and Windows Update services. Running this cmdlet with this parameter requires administrative credentials. You can start Windows PowerShell with administrative credentials by using the Run as administrator command.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IncludeAllLogs

Decodes all update-related logs: Windows Update, Update Session Orchestrator (USO), and the update user interface (UX). This parameter is mutually exclusive of all other parameters of this cmdlet. Specifying this parameter uses defaults for all other parameters. This parameter causes a folder to be created on the desktop and readable WindowsUpdate.log, USO.log, and UX.log files are written to it.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-LogPath

Specifies the full path to which Get-WindowsUpdateLog writes WindowsUpdate.log. The default value is WindowsUpdate.log in the Desktop folder of the current user.

Type:String
Position:1
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProcessingType

Specifies the file type that Get-WindowsUpdateLog uses for temporary files that are created during intermediate processing. The acceptable values for this parameter are:

  • CSV (comma-separated values)
  • XML

By default, the value is XML. The temporary files are in $env:TEMP\WindowsUpdateLog.

Type:String
Accepted values:CSV, XML
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet isn't run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String[]

Outputs

Object

Notes

The SymbolServer parameter is deprecated for Windows 1709 (OS Build 16299) and later.