Parse the WindowsUpdate.log on Local and Remote Computers with PowerShell

The WindowsUpdate.log, which logs activities of the Windows Update client, is not the easiest of log files to parse through, but it’s a handy one for finding details about update installation successes and failures.  To make searching this log file easier on the local computer, a remote computer (where PS remoting is enabled) or groups of computers, I wrote a simple but handy PowerShell script.

The script will retrieve the most important elements of the log – the date, time, component and entry text – and put them into a PS object.  This allows us to summarise the number of entries in the log by either component or date, for example, or to apply search filters that find specific entries within a specific time period, such as all the software updates installed in the last 3 days.
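
As an added example (not the author's script from the Technet Gallery), the parsing step described above can be done as follows. It assumes the tab-separated layout of the pre-Windows 10 log (date, time, PID, TID, component, text) and PowerShell 3.0 or later; the function name ConvertFrom-WULogLine and the sample lines are made up for illustration.

```powershell
# Added illustration; not the Technet Gallery script.
# Assumed layout (pre-Windows 10): Date<TAB>Time<TAB>PID<TAB>TID<TAB>Component<TAB>Text
function ConvertFrom-WULogLine {          # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [AllowEmptyString()]
        [string]$Line
    )
    process {
        # Split into at most 6 fields so tabs inside the entry text survive
        $f = $Line -split "`t", 6
        if ($f.Count -lt 6) { return }    # blank or malformed line
        $stamp = [datetime]::MinValue
        $ok = [datetime]::TryParseExact(
            "$($f[0]) $($f[1])", 'yyyy-MM-dd HH:mm:ss:fff',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref]$stamp)
        if (-not $ok) { return }          # timestamp not in the assumed format
        [pscustomobject]@{
            Date      = $stamp.Date
            Time      = $stamp.TimeOfDay
            Component = $f[4].Trim()
            Details   = $f[5].Trim()
        }
    }
}

# Constructed sample lines (not real log output), dated relative to today
$inv = [cultureinfo]::InvariantCulture
$d1  = (Get-Date).AddDays(-1).ToString('yyyy-MM-dd', $inv)
$d9  = (Get-Date).AddDays(-9).ToString('yyyy-MM-dd', $inv)
$sample = @(
    "$d1`t09:12:33:123`t1024`t1a2c`tAgent`tWARNING: constructed sample entry"
    "$d1`t09:12:40:007`t1024`t1a2c`tHandler`tconstructed sample entry for KB3092627"
    "$d9`t21:03:10:551`t1024`t0f44`tAgent`tWARNING: constructed older entry"
    "not a log line"
)
$entries = $sample | ConvertFrom-WULogLine

# Number of entries per component
$entries | Group-Object Component | Select-Object Name, Count

# Entries from the last 3 days whose text contains a keyword
$cutoff = (Get-Date).Date.AddDays(-3)
$entries | Where-Object { $_.Date -ge $cutoff -and $_.Details -like '*warning*' }
```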

I haven’t tried this with Windows 10 yet, where the WU logging mechanism has changed, but it will work for older operating systems that have PowerShell installed.

Download

Download the script from the Technet Gallery.

Examples

Note: due to the number of results returned when parsing log entries, I recommend piping to Gridview for easier viewing.

First, let’s find the number of entries in the log for each component:


Parse-WindowsUpdateLog.ps1 -GroupBy Component

 

So there are 54 entries for the “Content Install” component; let’s read those:


Parse-WindowsUpdateLog.ps1 -Component "Content Install" | Out-Gridview

Now let’s search for the keyword “warning” anywhere in the log, in the last 3 days, on a remote computer:


Parse-WindowsUpdateLog.ps1 -ComputerName SRV001 -Days 3 -Text warning | Out-GridView

A benefit of using PowerShell’s Gridview is that you can also filter the results dynamically using the criteria:

Let’s wrap the script in some additional code to find the number of updates successfully installed in the last 7 days across an array of computers:


"srvsccm-01","srvsccm-02","srvsccm-03v" | ForEach-Object {
    # Count the "Installation successful" entries logged in the last 7 days
    $UpdatesInstalled = (Parse-WindowsUpdateLog.ps1 -ComputerName $_ -Days 7 -Text "Installation successful").Count
    # One result object per computer
    New-Object -TypeName PSObject -Property @{
        ComputerName = $_
        UpdatesInstalled = $UpdatesInstalled
        }
    } | Format-Table -AutoSize

Finally, I want to find out if KB3092627 was installed on a group of servers in an AD group in the last 30 days:


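# Requires the ActiveDirectory module for Get-ADGroupMember
Get-ADGroupMember -Identity SCCM2012_Secondary_WSUS_Servers | 
    Sort-Object Name | 
    Select-Object -ExpandProperty Name |
    ForEach-Object {
        # Date(s) on which the log records a successful installation of the KB
        $KB = Parse-WindowsUpdateLog.ps1 -ComputerName $_ -Days 30 -Text "KB3092627" | 
            Where-Object {$_.Details -match "Installation Successful"} | 
            Select-Object -ExpandProperty Date
        # $null goes on the left so the test also works when $KB holds several dates
        If ($null -ne $KB)
            {$Installed = "True"}
        Else {$Installed = "False"}
        New-Object -TypeName PSObject -Property @{
            ComputerName = $_
            KBInstalled = $Installed
            InstallDate = $KB
            }
    } | Format-Table -AutoSize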

Pretty handy 🙂

There is some (outdated) advice for searching the WindowsUpdate.log in the following MS KB: http://support.microsoft.com/en-us/kb/902093

The parameters you can use are:

-ComputerName (optional, to get results from a remote computer)
-Days (mandatory, the number of days past to search the log)
-Component (optional, choose from the list of available components to filter results)
-Text (optional, search for a specific keyword or phrase)
-GroupBy (optional, group results by either date or component to find the number of log entries)
