How to view and access Windows update logs?

What are Windows update logs?

Windows update logs are detailed records of system update activities, including the installation of patches, service packs, and driver updates. These logs provide a comprehensive history of all update-related events, helping system administrators and users track the update status of their systems. They are crucial for troubleshooting update-related issues and ensuring the successful deployment of updates across the organization.

Windows update logs contain various entries that provide insights into the update process:

• Successful updates: Entries indicating the successful installation of updates, including the update ID and revision number.
• Failed updates: Error codes and descriptions for failed updates help identify the root cause of the failure.
• Update history: A record of all installed updates, including their status and installation date.

How to view and access update logs in Windows 11?

In Windows 11, update logs can be accessed through various methods:

Method 1: Using Event Viewer:

1. Open Event Viewer:

• Press Windows + R to open the Run dialog.
• Type eventvwr and press Enter.

2. Check application and services logs:

• In the Event Viewer, expand the Application and Services Logs folder.

• Then navigate to Microsoft → Windows → WindowsUpdateClient.

• Click on Operational to view detailed logs about Windows Update activities.

Method 2: Using PowerShell:

1. Open PowerShell:

• Right-click the Start button and select Windows Terminal (Admin) or PowerShell (Admin).

2. Generate Windows update logs:

• In the PowerShell window, type the following command and press Enter: Get-WindowsUpdateLog

• This command converts the Windows Update logs into a readable format and saves them on your desktop.

3. View the logs:

• Navigate to your Desktop and open the WindowsUpdate.log file using any text editor, like Notepad.

Method 3: Using Windows update troubleshooter:

1. Open settings:

• Press Windows + I to open the Settings app.

2. Navigate to troubleshoot settings:

• In the left-hand menu, click on System.

• Scroll down and select Troubleshoot.

3. Open other troubleshooters:

• Click on Other troubleshooters (previously called Additional troubleshooters in earlier versions).

4. Run the Windows update troubleshooter:

• Under the Most frequent section, you’ll see Windows Update.
• Click the Run button next to Windows Update.

5. Follow the on-screen instructions:

• The troubleshooter will scan your system for any issues related to Windows Update.
• If any problems are found, the troubleshooter will either automatically fix them or provide instructions on how to resolve them manually.

After the process is complete, the troubleshooter will give you a report indicating any issues it detected and whether they were resolved. After the troubleshooting process, it's a good idea to restart your computer to apply any fixes that may have been made.

How can Windows update logs help with troubleshooting update issues?

When it comes to troubleshooting update issues, Windows update logs act as your diagnostic compass, providing clarity and direction, offering a detailed roadmap to navigate the complexities of update-related issues.

By examining the logs, you can:

• Identify error codes: Look for specific error codes in the logs that indicate the cause of the update failure.
• Correlate issues with recent changes: Check if any system changes, such as driver updates or application installations, coincide with the update failure.
• Verify update settings: Ensure that your system is configured to receive updates and that any policies or settings are not blocking the update process.

By leveraging the information provided in the Windows update logs, you can effectively troubleshoot and resolve update-related issues, ensuring the stability and security of your system.

How to analyze Windows update logs?

Analyzing Windows update logs using Event Viewer provides a comprehensive approach to monitoring and troubleshooting update issues. Here’s how:

Event Viewer is a built-in Windows tool that allows you to view detailed logs of system events, including Windows updates:

• Accessing Windows Update Logs:
• Open Event Viewer by typing Event Viewer in the Start menu and pressing Enter.
• Navigate to Applications and Services Logs → Microsoft → Windows → WindowsUpdateClient → Operational.
• Key event IDs to monitor:
• Event ID 19: Successful update installation.
• Event ID 20: Failed update installation.
• Event ID 41: Restart required for update completion.
• Using Event Viewer for troubleshooting:
• Look for errors or warnings related to updates.
• Identify patterns, such as recurring failures or specific updates causing issues.

By analyzing the logs using Windows Event Viewer or third-party log management tools like EventLog Analyzer, you can determine the update status of your system, identify any recurring issues, and track the progress of ongoing updates, enabling proactive troubleshooting and efficient update management.

Suggested reading: Check out our troubleshooting guide on critical Windows update error 0x80070643.

How to leverage ManageEngine EventLog Analyzer for Windows update logs?

ManageEngine EventLog Analyzer is a log management and IT compliance tool that can identify and detect various security threats from update logs, thereby helping system administrations efficiently respond to incidents and maintain a secure environment.

Here are the key security threats that can be identified:

• Update log monitoring: EventLog Analyzer continuously monitors Windows Update logs for any changes or issues in the update process, ensuring system patches are applied successfully.
• Automated alerts for failures: If an update fails or a critical patch isn't applied, real-time alerts are sent to administrators, enabling immediate action to prevent security vulnerabilities.
• Detailed audit reports: It generates detailed reports on the status of system updates, including successful, pending, and failed updates. These reports help maintain a clear view of system compliance and health.
• Here are some of the EventLog Analyzer reports that track for Windows update logs:
• Windows updates - installed: Tracks successful update installations to ensure compliance and timely application of patches.
• Windows update process failed: Tracks failed updates, pinpointing issues requiring attention.
• Update packages installed: Lists installed update types, aiding in security patch inventory.
• Installed/downloaded/detected: Monitors update steps, identifying disruptions in the update process.
• Failed hotpatching: Logs issues with incremental updates, crucial for high-priority patches on critical servers.
• Software updated: Tracks updates in OS components or third-party integrations, checking for system performance impacts.
• Compliance & audit readiness: Update logs are crucial for compliance reporting in regulated industries. EventLog Analyzer helps maintain audit trails to prove timely patching, a critical requirement for compliance with standards like PCI DSS, HIPAA, and GDPR.
• For example, PCI DSS explicitly requires organizations to maintain secure systems and applications under Requirement 6. Within this framework, timely application of patches is emphasized to address security vulnerabilities.
• Windows update logs are indispensable for meeting requirements such as 6.3.3, which mandates applying critical security patches within one month of release. Monitoring Windows update logs becomes necessary to:
• Document patch deployment: Update logs serve as an audit trail confirming that patches were applied within the required timeframe, ensuring no delays in mitigating critical vulnerabilities.
• Track failed updates: These logs capture details of failed patch installations, enabling timely remediation to avoid risks of non-compliance.
• Demonstrate compliance during audits: During audits, update logs provide evidence of adherence to patch management policies, showcasing how vulnerabilities are effectively mitigated.

Failure to comply with such requirements, including providing evidence of timely patch management, can result in penalties or compliance violations.

• Correlating logs with system events: EventLog Analyzer correlates update logs with other system logs (e.g., security or application logs) to identify any side effects of updates, like post-update crashes or application failures, helping mitigate downtime.

By using EventLog Analyzer, organizations can streamline the monitoring of Windows updates, ensuring systems are up-to-date and secure while staying ahead of compliance requirements.

What's next?