This answer no longer works. Undeleted at mirh's request and because it may serve as a reference point for future research. Use mirh's answer or my new answer instead.
Using tracefmt
as described below was based on Microsoft blog posts and worked when I posted it in early 2018 but stopped working sometime later that year. It doesn't appear to work any more, even for Windows 1709 or later.
You can convert the event trace logs into plain text using tracefmt
from the Windows 10 SDK.
First, copy the files from C:\Windows\Logs\WindowsUpdate
on the target machine to a convenient location on your admin machine.
Open a command line window, change to the directory containing the copy of the trace files, and run the following command:
for %i in (*.etl) do "c:\Program Files (x86)\Windows Kits\10\bin\x64\tracefmt.exe" -o %~ni.txt -r srv*c:\symbols*https://msdl.microsoft.com/download/symbols %i
The admin machine must have the Windows 10 SDK installed and needs direct internet access. It does not need to be running Windows 10 itself.
You may then wish to combine the logs together into a single file:
copy *.txt WindowsUpdate.log