Windows Update uses Event Tracing for Windows (ETW) to generate diagnostic logs in Windows 10, and save them in the .etl file format. The reason why this has been done, is because it reduces disk space usage as well as improves performance.
One fallout of this method is that, the Windows Update logs are not immediately readable. You need to decode the .etl file, which is the format these logs are saved as.
Windows Update logs in Windows 10
To read the Windows Update logs in Windows 10 Preview, Microsoft suggests the following method:
- Download Windows Symbol Package and install them using the method outlined here. Install these symbols to say, C:\symbols.
- Download Tracefmt.exe tool by following the instructions here. Tracefmt (Tracefmt.exe) is a command-line tool that formats and displays trace messages from an event trace log file (.etl) or a real-time trace session. Tracefmt can display the messages in the Command Prompt window or save them in a text file.
Now open a command prompt with administrative rights and create a temporary folder, named %systemdrive%\WULogs. Now copy Tracefmt.exe to this directory.
Now, Run the following commands one after the other:
cd /d %systemdrive%\WULogs
copy %windir%\Logs\WindowsUpdate\* %systemdrive%\WULogs\
tracefmt.exe -o windowsupate.log <each windows update log delimited by space> -r c:\Symbols
The method does look tedious and Microsoft has promised that they would improve things, in the final version of Windows 10. Full details can be found at KB3036646.
UPDATE: Well things have improved in the final version of Windows 10.
The WindowsUpdate.log is still located in C:\Windows, however when you open the file C:\Windows\WindowsUpdate.log, you will only see the following information:
Windows Update logs are now generated using ETW (Event Tracing for Windows). Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.
In order to read the WindowsUpdate.log in Windows 10, you will need to use Windows PowerShell cmdlet to re-create the WindowsUpdate.log the way we normally view it.
So open a PowerShell windows, type Get-WindowsUpdateLog and hit Enter.
You will be able to see the log/s. More on this can be found on TechNet.
- Tags: Windows Updates