I wanted to read the WindowsUpdate.log created by the Get-WindowsUpdateLog cmdlet. I knew of an article, How to read the Windowsupdate.log file, that I used some years ago to color the Windows Update log.
I also noticed that there’s a major difference in the content of the log.
The column separator is no longer a tab; it's a series of spaces.
I've also discovered another very insightful article, Understanding the Windowsupdate.log file for advanced users.
I created another function that uses regular expression grouping to split each line and extracts the info based on the given format:
Function Import-WindowsUpdateLog {
<#
    .SYNOPSIS
        Read the content of the Windows Update log and import it as an object
    .DESCRIPTION
        Read the content of the Windows Update log and import it as an object.
        It will read each line and create an object with the following properties:
        Date,Hour,PID,TID,Component,Message
    .PARAMETER FilePath
        The path of the windows update log file.
    .EXAMPLE
        Import-WindowsUpdateLog -FilePath ~\Desktop\WindowsUpdate.log
    .EXAMPLE
        "~\Desktop\WindowsUpdate.log" | Import-WindowsUpdateLog | Out-GridView
    .EXAMPLE
        Get-Item ~\Desktop\WindowsUpdate.log | Import-WindowsUpdateLog | Out-GridView
#>
[CmdletBinding()]
Param(
    [Parameter(Mandatory,ValueFromPipeline,ValueFromPipelineByPropertyName)]
    [Alias('Path','PSPath')]
    [ValidateScript({
        Test-Path -Path $_ -PathType Leaf
    })]
    [string]$FilePath
)
Begin {}
Process {
    try {
        Get-Content -Path $FilePath -ReadCount 1 -ErrorAction Stop |
        ForEach-Object {
            # Named groups capture the six space-separated columns.
            # Groups[0] is the whole match, so only the last six values are kept.
            $Date,$Hour,$WUPID,$WUTID,$Component,$Message = (
                [regex]'^(?<Date>2\d{3}/\d{2}/\d{2})\s+(?<Hour>\d{2}:\d{2}:\d{2}\.\d{1,23})\s+(?<PID>\d{1,6})\s+(?<TID>\d{1,6})\s+(?<Component>[a-zA-Z]+)\s+(?<Message>.+)'
            ).Match($_).Groups | Select-Object -Last 6 -ExpandProperty Value
            [PsCustomObject]@{
                Date = $Date
                Hour = $Hour
                PID = $WUPID
                TID = $WUTID
                Component = $Component
                Message = $Message
            }
        }
    } catch {
        Throw "Failed because $($_.Exception.Message)"
    }
}
End {}
}
With this function, you can simply do:
"~\Desktop\WindowsUpdate.log" | Import-WindowsUpdateLog | Out-GridView
and you can use the Out-GridView cmdlet to filter and search what you’re looking for:
The above function is quite handy and would certainly replace Notepad for reading the human-readable WindowsUpdate log file created by the Get-WindowsUpdateLog cmdlet.
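An added example (not the author's code) that reuses the regular expression above but keeps the lines it cannot match, so an empty or sparse grid can be told apart from an empty log. The function name Test-WindowsUpdateLogLine and the sample lines are assumptions constructed for illustration.

```powershell
# Added example: the pattern is the one used by Import-WindowsUpdateLog;
# the function name and the sample lines below are constructed.
function Test-WindowsUpdateLogLine {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string[]]$Line
    )
    $pattern  = [regex]'^(?<Date>2\d{3}/\d{2}/\d{2})\s+(?<Hour>\d{2}:\d{2}:\d{2}\.\d{1,23})\s+(?<PID>\d{1,6})\s+(?<TID>\d{1,6})\s+(?<Component>[a-zA-Z]+)\s+(?<Message>.+)'
    $format   = 'yyyy/MM/dd HH:mm:ss.FFFFFFF'
    $culture  = [cultureinfo]::InvariantCulture
    $styles   = [System.Globalization.DateTimeStyles]::None
    $parsed   = [System.Collections.Generic.List[object]]::new()
    $rejected = [System.Collections.Generic.List[object]]::new()
    $number   = 0
    foreach ($text in $Line) {
        $number++
        $m = $pattern.Match($text)
        # [datetime] holds at most 7 fractional digits; the pattern allows more.
        $stamp = '{0} {1}' -f $m.Groups['Date'].Value,
            ($m.Groups['Hour'].Value -replace '(\.\d{7})\d+$', '$1')
        $when = [datetime]::MinValue
        if (-not ($m.Success -and
                [datetime]::TryParseExact($stamp, $format, $culture, $styles, [ref]$when))) {
            # Keep rejects with their line number instead of emitting blank rows.
            $rejected.Add([pscustomobject]@{ LineNumber = $number; Text = $text })
            continue
        }
        $parsed.Add([pscustomobject]@{
            Timestamp = $when
            PID       = [int]$m.Groups['PID'].Value
            TID       = [int]$m.Groups['TID'].Value
            Component = $m.Groups['Component'].Value
            Message   = $m.Groups['Message'].Value
        })
    }
    [pscustomobject]@{ Parsed = $parsed; Rejected = $rejected }
}

# Constructed sample lines, not taken from a real log.
$sample = @(
    '2018/01/05 09:15:04.7654321 1044  2310  Handler         constructed message B'
    '2018/01/05 09:15:02.1234567 1044  2310  Agent           constructed message A'
    ''
    'constructed line that does not follow the column layout'
)
$result = Test-WindowsUpdateLogLine -Line $sample
'{0} parsed, {1} rejected' -f $result.Parsed.Count, $result.Rejected.Count
$result.Rejected | Format-Table -AutoSize
$result.Parsed | Sort-Object Timestamp | Format-Table -AutoSize
```

For a real file, pass `(Get-Content ~\Desktop\WindowsUpdate.log)` as `-Line`; a high rejected count means the file content does not follow the column layout the pattern expects.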
Hello,
Tested with Windows 10 v1607
With the Get-WindowsUpdateLog cmdlet, a log file is created on the desktop
Then:
"~\Desktop\WindowsUpdate.log" | Import-WindowsUpdateLog | Out-GridView
The table is empty!
WindowsUpdate.log on the desktop does have content.
Any idea?
Hello,
The Get-WindowsUpdateLog cmdlet on Windows 10 1607 and Server 2016 depends heavily on the symbols published online by Microsoft. These must be published by Microsoft after each cumulative update. Without the symbols, it is not possible to decode the ETL files.
That said, once the symbols are published, they can be downloaded in case the PC/server has no Internet access, and the -SymbolServer parameter can be used, pointing to the location where you downloaded the symbols.
References:
https://docs.microsoft.com/en-us/powershell/module/windowsupdate/get-windowsupdatelog?f=255&MSPPError=-2147217396&view=win10-ps
https://social.technet.microsoft.com/Forums/en-US/6da44666-4e4b-48e2-bc93-7d7430860dc3/server-2016-windows-update-logs-getwindowsupdatelog?forum=ws2016
PS: This dependency on the publication and updating of symbols no longer exists as of version 1709
Good luck