Join Brien Posey for an in-depth discussion in this video, Analyze log files in WSUS, part of Windows 10: Plan and Implement Software Updates.
- [Instructor] The Windows Server Update Services console does a really good job of providing us with information through various dashboards and reports. Sometimes, however, you might need a little bit more detailed information, either for diagnostic purposes or for keeping track of administrative activities. And that's where the log files come into play. So let's take a look at the log files that are available to us. The way that we get to the log files is by opening up File Explorer. Then we go to This PC, C drive, Program Files, Update Services, and LogFiles.
And there are two log files within this folder. There's the Change.log file and the SoftwareDistribution.log file. The Change.log file keeps track of administrative activities. Let's go ahead and open this up. As you can see, each entry in the log file begins with a date/time stamp. So for example, this entry occurred on June 23, 2017, at 11:52:29. And the actual text of the log event was WSUS configuration has been changed by POSEYLAB\Administrator.
So we have a lot of different types of events that are logged in here. For example, here we can see Successfully deployed deployment (Decline) of, and then we have a Czech language pack update. So you'll see a lot of things like that within the log file. Now, the newest log entries tend to be found at the bottom of the file. So let's scroll down to the bottom and take a look at what's there. So here we have a number of successful deployments, and you can see that the status for these is listed as Install. So for example, the second to the last log entry shows Successfully deployed deployment(Install) of a Security update for Microsoft Office.
And if we look a little bit further to the right, we can see that this is a 32-bit edition by WUS Server. And then we can see the Update ID. So the very last line of the log file is Download re-tried. We don't have any subsequent log file entries, so this was the last event that was performed. So that's what the Change.log file looks like. Let me go ahead and close this out, and let's take a look at the Software Distribution log. I'll go ahead and open the Software Distribution log.
And like the other log file, all of the log entries begin with a date/time stamp. And you can see that this one's a little bit more uniform. We have everything organized into nice, neat columns. And let's go down to the bottom of the log file where the most recent log entries are found. So you can see that the information in this log file is somewhat varied, but everything starts with a date/time stamp. So even though a log entry may span multiple lines, you can identify each new entry by looking for that date/time stamp.
For example, right here is a date/time stamp. So everything from here down to this line constitutes a single log file entry, because we get to another date/time stamp immediately after that. So what do we have here? Well, this is an informational entry. And we can see that we have a source file, in this case msdownload/update/driver. And then we have a specific cab file. And then we have a destination file listing, and that's the E:\Updates folder.
That's where all of my updates are being stored. And we can see that the update was written to that folder as a cab file. And we can see the file name right there. Then in subsequent log file entries, we can see things related to the worker thread process. We can see things related to the download process. And then down at the very bottom, we can see that the content sync agent found no more jobs that needed to be handled, and that the agent was going to sleep. So that's, in a nutshell, what this particular log file looks like. So as you can see, it's a really great source of diagnostic information.
So those are what the log files that are provided by the Windows Server Update Services look like.
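The transcript's rule for reading these files (a new entry starts wherever a line begins with a date/time stamp, and anything after it belongs to that entry) can be applied in PowerShell to pull the administrative actions out of Change.log. This is an added example, not part of the video or the course materials; the stamp layout `yyyy-MM-dd HH:mm:ss`, the function name `ConvertTo-WsusLogEntry`, and the sample lines are assumptions made for illustration.

```powershell
# Assumption: each entry starts with a stamp such as "2017-06-23 11:52:29",
# optionally followed by fractional seconds. Adjust $stamp if your files differ.
$stamp = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(\.\d+)?)\s*(?<rest>.*)$'

function ConvertTo-WsusLogEntry {
    # Hypothetical helper: folds raw log lines into one object per entry.
    param([Parameter(ValueFromPipeline)][string]$Line)
    begin { $current = $null }
    process {
        if ($Line -match $stamp) {
            # A new stamp closes the previous entry, so emit it now.
            if ($current) { $current }
            $current = [pscustomobject]@{
                Time = [datetime]::ParseExact($Matches.ts.Substring(0, 19),
                           'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
                Text = $Matches.rest
            }
        } elseif ($current) {
            # No stamp: continuation of the entry that started above.
            $current.Text += "`n" + $Line
        }
    }
    end { if ($current) { $current } }
}

# Constructed sample lines (not copied from a real server).
$sample = @(
    '2017-06-23 11:52:29 WSUS configuration has been changed by POSEYLAB\Administrator'
    '2017-06-23 11:58:02 Successfully deployed deployment(Install) of <update title>'
    '  UpdateID: <update id>'
    '2017-06-23 12:01:10 Download re-tried'
)

$entries = $sample | ConvertTo-WsusLogEntry

# Administrative changes and deployments, newest first, for review.
$entries |
    Where-Object Text -match 'changed by|deployed deployment' |
    Sort-Object Time -Descending |
    Format-List Time, Text

# Against the real file, using the folder named in the video:
# Get-Content 'C:\Program Files\Update Services\LogFiles\Change.log' | ConvertTo-WsusLogEntry
```

Because continuation lines are folded into their entry, a search for an account name or update ID returns the whole entry rather than a fragment of it.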
- Deploying updates manually
- Monitoring deployments
- Configuring automatic deployment rules
- Analyzing log files
- Approving and declining updates in Intune
- Deploying software from SCCM, WSUS, and Intune