Home / server / Questions / 899031
Accepted
Harry Johnston
Asked: 2018-02-27 18:42:31 +0800 CST

How can I convert the Windows Update client logs into plain text?

  • 772

In Windows 10, the Windows Update client uses event tracing rather than writing to a text file like it did in previous versions of Windows. This can make troubleshooting problems with client machines difficult.

The Get-WindowsUpdateLog cmdlet doesn't always work. In particular, it doesn't seem to work properly when run remotely, or when the target machine doesn't have direct internet access. I've also seen reports of other problems whose cause is less clear.

Is there a more reliable and flexible option?

windows-10

3 Answers

  1. Best Answer

    Starting from 1709 being offline (read: no access to the symbols servers) shouldn't be a liability anymore. You can just use Get-WindowsUpdateLog-LogPath .\WindowsUpdate.log from powershell.

    Or alternatively, if you don't like that:

    FOR %i IN (C:\Windows\Logs\WindowsUpdate\*.etl) DO tracerpt %i -of csv -o %~ni.csv
copy *.csv WindowsUpdate.csv

    (tracerpt seems somehow limited into creating single log files with more than ~4000 entries)

    • 2

  2. This answer no longer works. Undeleted at mirh's request and because it may serve as a reference point for future research. Use mirh's answer or my new answer instead.

    Using tracefmt as described below was based on Microsoft blog posts and worked when I posted it in early 2018 but stopped working sometime later that year. It doesn't appear to work any more, even for Windows 1709 or later.

    You can convert the event trace logs into plain text using tracefmt from the Windows 10 SDK.

    First, copy the files from C:\Windows\Logs\WindowsUpdate on the target machine to a convenient location on your admin machine.

    Open a command line window, change to the directory containing the copy of the trace files, and run the following command:

    for %i in (*.etl) do "c:\Program Files (x86)\Windows Kits\10\bin\x64\tracefmt.exe" -o %~ni.txt -r srv*c:\symbols*https://msdl.microsoft.com/download/symbols %i

    The admin machine must have the Windows 10 SDK installed and needs direct internet access. It does not need to be running Windows 10 itself.

    You may then wish to combine the logs together into a single file:

    copy *.txt WindowsUpdate.log
    • 0

  3. For Windows Server 2016 or Windows 2016 LTSB, this Microsoft article describes how to use the Get-WindowsUpdateLog command on a machine that doesn't have access to the Microsoft symbol server.

    The simplest option is to copy the .etl files from C:\Windows\Logs\WindowsUpdate on the offline machine to your (online) admin machine and then use the -ETLPath option to point Get-WindowsUpdateLog towards the copied files.

    • 0