Windows Update uses Event Tracing for Windows (ETW) to generate diagnostic logs in Windows 10, and save them in the .etl file format. The reason why this has been done, is because it reduces disk space usage as well as improves performance.
One fallout of this method is that, the Windows Update logs are not immediately readable. You need to decode the .etl file, which is the format these logs are saved as.
Windows Update logs in Windows 10
To read the Windows Update logs in Windows 10 Preview, Microsoft suggests the following method:
1. Download Windows Symbol Package and install them using the method outlined here. Install these symbols to say, C:\symbols.
2. Download Tracefmt.exe tool by following the instructions here. Tracefmt (Tracefmt.exe) is a command-line tool that formats and displays trace messages from an event trace log file (.etl) or a real-time trace session. Tracefmt can display the messages in the Command Prompt window or save them in a text file.
Now open a command prompt with administrative rights and create a temporary folder, named %systemdrive%\WULogs. Now copy Tracefmt.exe to this directory.
Now, Run the following commands one after the other:
cd /d %systemdrive%\WULogs
copy %windir%\Logs\WindowsUpdate\* %systemdrive%\WULogs\
tracefmt.exe -o windowsupate.log <each windows update log delimited by space> -r c:\Symbols
The method does look tedious and Microsoft has promised that they would improve things, in the final version of Windows 10.
Full details can be found at
KB3036646.
twc
