Microsoft Powershell

Command Descriptions

Module:
Windows Update

This has been compiled by Les Lewis

Information was not changed; however, formatting was

updated to make more readable.
Contents

Get-WindowsUpdateLog .......................................................................................................... 3
SYNOPSIS ........................................................................................................................... 3
SYNTAX ............................................................................................................................... 3
DESCRIPTION ..................................................................................................................... 3
PARAMETERS ..................................................................................................................... 3
INPUTS ................................................................................................................................ 5
OUTPUTS ............................................................................................................................ 6
EXAMPLES .......................................................................................................................... 6
RELATED LINKS.................................................................................................................. 7
NAME

Get-WindowsUpdateLog
SYNOPSIS
Merges Windows Update .etl files into a single log file.

SYNTAX
Get-WindowsUpdateLog [[-ETLPath] <String[]>] [[-LogPath] <String>]
[[-SymbolServer] <String>] [-ForceFlush] [-InformationAction
{SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}] [-
InformationVariable <String>] [-ProcessingType {CSV | XML}] [-Confirm] [-
WhatIf] [<CommonParameters>]

DESCRIPTION
The Get-WindowsUpdateLog cmdlet merges and converts Windows Update
.etl files into a single readable WindowsUpdate.log file. Windows Update
Agent uses Event Tracing for Windows (ETW) to generate diagnostic logs.
Windows Update no longer directly produces a WindowsUpdate.log file.
Instead, it produces .etl files that are not immediately readable as
written.

This cmdlet requires access to a Microsoft symbol server.

PARAMETERS
-ETLPath [<String[]>]
Specifies an array of paths of Windows Update .etl files to
convert into WindowsUpdate.log. The default value for this parameter is
the Windows Update trace file directory for the current device. The
acceptable values for this parameter are:

-- The full path of a directory that contains one or more .etl

files.
-- The full path of a single .etl file.
-- A comma-separated list of full paths of .etl files.

Required? false
Position? 1
Default value none
Accept pipeline input? true(ByValue,ByPropertyName)
Accept wildcard characters? false

-ForceFlush [<SwitchParameter>]
Indicates that this cmdlet forces the Windows Update Agent on the
current device to flush all of its traces to .etl files. This process
stops the Update Orchestrator and Windows Update services. Running this
cmdlet with this parameter requires administrative credentials. You can
start Windows PowerShell with administrative credentials by using the Run
as administrator command.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-InformationAction [<ActionPreference>]
Specifies how this cmdlet responds to an information event. The
acceptable values for this parameter are:

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-InformationVariable [<String>]
Specifies a variable in which to store an information event
message.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-LogPath [<String>]
Specifies the full path to which Get-WindowsUpdateLog writes
WindowsUpdate.log. The default value is WindowsUpdate.log in the Desktop
folder of the current user.

Required? false
Position? 2
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-ProcessingType [<String>]
Specifies the file type that Get-WindowsUpdateLog uses for
temporary files that are created during intermediate processing. The
acceptable values for this parameter are:

-- CSV (comma-separated values)

-- XML
 By default, the value is CSV. The temporary files are in
$env:TEMP\WindowsUpdateLog.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-SymbolServer [<String>]
Specifies the URL of Microsoft Symbol Server. By default, this
value is the Microsoft public symbol server.

Required? false
Position? 3
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.Prompts
you for confirmation before running the cmdlet.

Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false

-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not
run.Shows what would happen if the cmdlet runs. The cmdlet is not run.

Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more
information, see about_CommonParameters
(https:/go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
OUTPUTS

EXAMPLES
Example 1: Merge and convert Windows Update trace files

PS C:\>Get-WindowsUpdateLog
Converting C:\Windows\logs\WindowsUpdate into
C:\Users\Admin\Desktop\WindowsUpdate.log

Directory: C:\Users\admin\AppData\Local\Temp\WindowsUpdateLog

Mode LastWriteTime Length Name

---- ------------- ------ ----
d----- 5/30/2015 10:02 PM SymCache

Input
----------------
File(s):

C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.112451.395.1.etl

C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.112502.723.1.etl

C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.112524.191.1.etl

C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.121921.075.1.etl

C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122031.684.1.etl

C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122432.434.1.etl

C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122432.434.2.etl

C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122432.434.3.etl

C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122432.434.4.etl

C:\Windows\logs\WindowsUpdate\WindowsUpdate.20150529.122432.434.5.etl

0.00%8.33%16.67%25.00%33.33%41.67%50.00%58.33%66.67%75.00%83.33%91.67%100
.00%

Output
----------------
 DumpFile:
C:\Users\admin\AppData\Local\Temp\WindowsUpdateLog\wuetl.CSV.tmp.0

The command completed successfully.

WindowsUpdate.log written to C:\Users\admin\Desktop\WindowsUpdate.log

This command merges and converts Windows Update trace files (.etl
files) into a single readable WindowsUpdate.log file.

RELATED LINKS
WindowsUpdate_Cmdlets