A Detailed Guide to Locating and Reviewing Logs for Azure Update Manager

When troubleshooting patching issues or assessing update compliance, finding the right log files is critical. The logs provide insights into agent activities, patch assessments, and update installations. This guide covers the various log locations depending on whether you’re working with Azure VMs or Azure Arc‑enabled servers, and explains how to query centralized update assessment results.

For Windows VMs and Azure Arc‑Enabled Servers

1. VM Agent Logs

The VM agent is essential for communicating with Azure and managing various extensions. On Windows VMs (and Arc‑enabled servers), you can find the VM agent logs here:

  • Location:
    C:\WindowsAzure\Logs\AggregateStatus

These logs contain detailed information about the VM agent’s activities, including startup messages, errors, and status updates. Reviewing these logs helps identify connectivity or initialization issues.

2. Patch Extension Logs

Patch extensions help automate the process of scanning, downloading, and installing updates. To troubleshoot patching issues, you should check the patch extension logs:

  • Location:
    C:\Packages\Plugins\Microsoft.CPlat.Core.WindowsPatchExtension<version>\

Within this folder, the two key log files are:

  • WindowsUpdateExtension.log:
    This log provides detailed records of the update scan, including which updates were detected, their statuses, and any errors during download or installation.
  • CommandExecution.log:
    This file logs the actions taken by the extension’s wrapper, including executing commands for patch assessment and installation. If there are delays or errors during command execution, this log is the first place to look.

3. Arc‑Enabled Server Logs

For Azure Arc‑enabled servers, additional logs related to update management can be found in the Guest Configuration logs:

  • Location:
    C:\ProgramData\GuestConfig\extension_logs\Microsoft.SoftwareUpdateManagement.WindowsOsUpdateExtension

These logs capture the detailed activities of the update management extension running on Arc‑enabled machines. They include information on the assessment process, installation attempts, and any failures encountered during patching.

For Linux Machines

1. VM Agent Logs

On Linux systems, the primary log file for the VM agent is:

  • Location:
    /var/log/waagent.log

This log records the agent’s activities, including configuration, heartbeat signals, and interactions with Azure. It’s essential for identifying connectivity or agent initialization problems.

2. Patch Extension Logs

For patch management on Linux, the patch extension logs provide details on how updates are assessed and installed:

  • Location:
    /var/log/azure/Microsoft.CPlat.Core.LinuxPatchExtension/

Within this directory, you will find logs that detail:

  • The patch assessment process: which updates are detected, their classifications (security, critical, etc.), and any pending updates.
  • The installation process: commands executed by the package manager (e.g., APT, YUM, or Zypper), download statuses, and errors encountered.

Centralized Querying Using Azure Update Manager

If you’re managing a large number of machines, manually reviewing log files on each machine can be cumbersome. Instead, consider using Azure Update Manager’s integration with Azure Resource Graph and Log Analytics:

  • Azure Resource Graph:
    This tool allows you to run queries across your environment, aggregating update assessment and deployment results. You can generate custom reports on patch compliance and update statuses.
  • Log Analytics Workspace:
    By linking your machines to a Log Analytics workspace, you can run queries that consolidate data from various log files. This centralized view simplifies the troubleshooting process by allowing you to see a comprehensive snapshot of update operations across all your VMs and Arc‑enabled servers.

For more details on how to utilize these centralized query tools, please refer to Microsoft’s official troubleshooting documentation for Azure Update Manager.

Conclusion

Understanding where to locate and how to review these log files is essential for effective troubleshooting of update management issues. Whether you’re working with Windows VMs, Azure Arc‑enabled servers, or Linux machines, the logs provide valuable insights into every step of the update process—from agent communication to patch assessment and installation.

For further reading and the latest troubleshooting steps, refer to Microsoft’s documentation:
Troubleshoot issues with Azure Update Manager

By leveraging these logs and centralized query tools, you can ensure that your environment remains up-to-date, secure, and compliant.

Junaid Ahmed
Junaid Ahmed

Junaid Ahmed is a Cloud Infrastructure and Identity Management expert with 10+ years of experience specializing in Azure Entra ID, ADFS, Hybrid Identity, and Azure Infrastructure Management. He has a proven track record of leading secure identity solutions, deploying high-value security projects, and troubleshooting complex Azure issues for global clients. Junaid excels in enhancing system performance, facilitating seamless collaboration across organizations, and delivering expert guidance on cloud migrations and infrastructure optimization. He seeks to leverage his expertise in a challenging Cloud Solution Architect role to drive success through innovative cloud solutions.

Articles: 33

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending now

Crafting a Robust Naming Convention in Microsoft Entra ID
Agile Ceremonies Format and Sample Agenda
Agile Testing
SLIs, SLOs, SLAs, DevOps and SRE