Expand To Show Full Article
Where to find and How to read Windows Update log in Windows 11/10

The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to read Windows Update log in Windows 11/10

Download PC Repair Tool to quickly find & fix Windows errors automatically

Windows Update uses Event Tracing for Windows (ETW) to generate diagnostic logs in Windows 11/10, and save them in the .etl file format. The reason why this has been done is that it reduces disk space usage as well as improves performance.

windows-10-update

One fallout of this method is that the Windows Update logs are not immediately readable. You need to decode the .etl file, which is the format these logs are saved in.

Read Windows Update logs in Windows 11/10

To read the Windows Update logs in Windows 11/10, Microsoft suggests the following method:

  1. Download Windows Symbol Package and install them using the method outlined here. Install these symbols to say, C:\symbols.
  2. Download Tracefmt.exe tool by following the instructions here. Tracefmt (Tracefmt.exe) is a command-line tool that formats and displays trace messages from an event trace log file (.etl) or a real-time trace session. Tracefmt can display the messages in the Command Prompt window or save them in a text file.

Now open a command prompt with administrative rights and create a temporary folder, named %systemdrive%\WULogs. Now copy Tracefmt.exe to this directory.

Now, Run the following commands one after the other:

cd /d %systemdrive%\WULogs
copy %windir%\Logs\WindowsUpdate\* %systemdrive%\WULogs\
tracefmt.exe -o windowsupate.log <each windows update log delimited by space> -r c:\Symbols

The method does look tedious and Microsoft has promised that they would improve things, in the final version of Windows 10. Full details can be found at KB3036646.

UPDATE: Well things have improved in Windows 11/10 now.

Use PowerShell to read Windows Update logs

read Windows Update log in Windows 10

The WindowsUpdate.log is still located in C:\Windows, however, when you open the file C:\Windows\WindowsUpdate.log, you will only see the following information:

Windows Update logs are now generated using ETW (Event Tracing for Windows). Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.

In order to read the WindowsUpdate.log in Windows 10, you will need to use Windows PowerShell cmdlet to re-create the WindowsUpdate.log the way we normally view it.

So open a PowerShell window, type Get-WindowsUpdateLog and hit Enter.

BONUS INFORMATION

Windows Update Log File formatting has been improved

When Microsoft released Windows 10, it substituted the Windows Update log file date log file from a plain text to a binary file format. The Windows Update log file is typically required by Developers and IT professionals to read vital information while debugging applications. The preferred format for the Update log file is text so that it can be opened using the plain text editor, or processed using the text editing tools.

However, with Microsoft replacing with an unreadable binary format, a new PowerShell cmdlet, Get-WindowsUpdateLog, was added to format the binary file and convert to the preferred text format.

This process required users to either connect to the Microsoft Symbol Server to get the latest symbol files or they needed to download the latest Windows symbol files before running the Get-WindowsUpdateLog cmdlet. However, the process would not lead to success if the latest symbols were unavailable at the Microsoft Symbol Server at the time of connection, thus throwing formatting issues in the formatted text files.

This issue has been sorted out now

Connection to Microsoft Symbol Server not required

With the release of Windows 10 v 1709, Microsoft has improved the overall Windows update log file access. Establishing a connection to the Microsoft Symbol Server to get the symbols is no longer required. Though, users will still have to run the Get-WindowsUpdateLog PowerShell cmdlet to translate the Windows Update log from its binary format into readable text files.

Windows Update Log File formatting improved

Observe the screenshots and you will find that though the computer has no network connection at all (see the icon at the bottom right), the Get-WindowsUpdateLog worked successfully.

Windows Update log file

What are Symbol files

For curious minds, here is an explanation. When applications, libraries, drivers, or operating systems are linked, the linker that creates the .exe and .dll files also create a number of additional files known as symbol files.

Symbol files are identified with the extension .pdb. They hold a variety of data which are not actually needed when running the binaries, but which could be very useful in the debugging process. symbol files typically contain,

  • Global variables
  • Local variables
  • Function names and the addresses of their entry points
  • Frame pointer omission (FPO) records
  • Source-line numbers

Read next: Where to look for your Windows Update History.

438 Shares

[email protected]

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap