Dmesg Command in Linux – Options + Examples

Last updated: May 19, 2022

Kernel is one of the most important components of a Linux operation system. This core component controls system resources including CPU and memory. When your system boots up and then performs various operations, the kernel writes several messages to the ring buffer. Linux system administrators can display these operating system operation messages using the dmesg command.

In this tutorial, we will learn how to use the dmesg command in Linux.

Prerequisites

  • A Linux computer with terminal access.
  • Basic understanding of the Linux commands.
  • Sudo or root user account privileges to execute the commands.

Linux Ring Buffer

When you start your Linux operating system, certain events occur, such as the kernel being loaded into the main memory. This process and all the processes after that write certain log messages to the ring buffer that system administrators use to troubleshoot device failure and system problems.

The Linux kernel ring buffer is a physical memory part that stores log messages generated by the kernel. It is a fixed size buffer and when it gets full the older logs are automatically deleted to make space for the new logs.

This buffer contains data such as device drive initialization messages, hardware messages, and kernel-related messages.

Dmesg command

Dmesg, also known as display message, prints all the log messages that are stored in the ring buffer. The default command output contains various fields and messages that include logs produced by device drivers, hardware devices, and other critical system components. Dmesg can also be used to control the kernel ring buffer.

The Linux dmesg command lets you read the kernel log messages from the virtual files in the /proc/kmsg virtual file system. This log file can be opened by only one process at a time. This command will hang if you try to display the log file contents using the cat command while the Syslog process is running. The kernel log messages are stored to the /var/log/dmesg by the Syslog daemon.

The basic syntax of dmesg is:

sudo dmesg [options]

Linux Dmesg Command Examples

The following examples will show you some of the most common use cases of this command.

Dmesg without any Options

By default, the dmesg command displays all the log messages that are stored in the kernel buffer:

sudo dmesg
output of dmesg without any options

The default output shows the following three parts of information:

  • Time, which displays the number of seconds since the boot time when the message was created. If the displayed time is 1.004294, then it means the log message was created 1 second after the boot time.
  • Device, which displays the component for which the message was created.
  • Message, which displays the actual operation.

Retrieve Messages

By default, all the messages are displayed, but the list is very long. Use the following command to display the last 10 messages:

sudo dmesg | tail -10
output of dmesg | tail

To display the first 10 messages in the kernel buffer, type:

sudo dmesg | head -10
output of dmesg | head

You can also use the cat command and grep command to show logs that match the specified component name or string:

cat dmesg | grep CPU
output of dmesg | grep

Add or Enable Timestamps

If the timestamp is enabled, then you can print timestamp in the dmesg output. Use the following command to check if the timestamp is enabled:

cat /sys/module/printk/parameters/time

If the output of this command is Y, it means the timestamp is enabled. Use the following command to enable timestamp if it is disabled:

echo Y > /sys/module/printk/parameters/time

To print kernel’s timestamps plus the number of seconds after the specified timestamp, use the -H option:

sudo dmesg -H
output of dmesg -H

The timestamp is displayed in the first line of the output. The rest of the entries display the number of seconds after the specified timestamp. The -H option shows one screen output at a time, and you can display the next message by pressing Enter key.

Show Human Readable Timestamps

To display the complete human-readable timestamps, use the -T option:

sudo dmesg -T
dmesg showing timestamps in human-readable

Timestamp Format

You can also specify the timestamp format based on your requirements. The supported timestamp format options are ctime, reltime, delta, notime, and iso. Use the following command to display the timestamp in the iso format:

sudo dmesg --time-format=iso
dmesg showing time format in iso

You can also use a custom date format for the timestamp:

sudo dmesg --ctime
dmesg custom date format

Colored Messages

You can enable or disable colored output in the dmesg command. Color is enabled in our system, so the color output is displayed by default. To display colored messages, use the following command:

sudo dmesg –-color=never
dmesg color less

If the color is disabled, then use the sudo dmesg --color=always command.

Watching Live Messages

To display new messages as they arrive, use the following command:

sudo dmesg --follow

Search for Specific Terms

You can search for specific terms in the kernel ring buffer log messages using the grep command with dmesg. To search for messages about memory, type:

sudo dmesg | grep memory
dmesg search memory

To search for messages about USB drive, type:

sudo dmesg | grep -i usb
dmesg search usb

To display messages about serial ports, type:

sudo dmesg | grep -i tty
dmesg search tty

To search for messages about network connections, type:

sudo dmesg | grep -i eth0
dmesg search eth0

To search for messages about the hard drives, type:

sudo dmesg | grep -i sda
dmesg search sda

To display messages about both USB and memory, type:

sudo dmesg | grep -E "usb|memory"
dmesg search usb and memory

To check for a CD Drive in your system, type:

sudo dmesg | grep -iE 'cdrom|dvd|cd/rw|cd-rom'
dmesg search multiple patterns

Specific Facility

The default dmesg output includes log messages about all the system components. You can filter these messages based on the processes that initiated the messages:

  • kern represents kernel messages.
  • user represents user-level messages.
  • mail represents mail system messages.
  • daemon displays messages about the system daemons.
  • auth displays user authorization messages.
  • Syslog represents internal syslogd messages.
  • lpr displays messages created by the line printer subsystem.
  • news displays messages created by the network news subsystem.

Specify the appropriate facility name with the dmesg command to display messages that are created by a particular facility. For example, to show messages about daemon, use the following command:

sudo dmesg --facility=daemon
dmesg showing specific facility name daemon

Log Levels

Every message logged in the buffer has a level that represents the severity or significance of the message. The following log levels are supported:

  • emerg shows emergency messages.
  • alert shows system alerts that require immediate attention.
  • crit shows critical system conditions.
  • err shows application or system error logs.
  • warn shows warning messages.
  • notice shows normal but important messages.
  • info shows only informational messages.
  • debug shows debug level messages. System administrators can troubleshoot kernel issues using debug-level messages.

To display only the warnings, specify the log level as warn:

sudo dmesg --level=warn
display warn log level

Combining Facility and Level

To display messages that include both log-level and facilities in human-readable output, use the -x option:

sudo dmesg -x
output of combining facility and level

Remove Sudo

In some Linux distributions, by default, non-root users may not run the dmesg command. You can remove this restriction to enable access for non-root users:

sudo sysctl -w kernel.dmesg_restrict=0
dmesg without sudo

Clear Dmesg Messages

Use the -c option to first print the dmesg output and then clear dmesg logs from the kernel ring buffer:

sudo dmesg -c
empty dmesg messages

To clear all messages without printing the output, use the -C option:

sudo dmesg -C

The dmesg log messages are automatically written to the /var/log/kern.log and /var/log/dmesg files. Log messages from these files are available even if you clear the dmesg messages using -c or -C options.

Stop Dmesg from Logging to Console

You can disable the printing of log messages in the dmesg command console, use the -D option:

sudo dmesg -D

To enable the printing of log messages, use the –E option:

sudo dmesg -E

The Dmesg Command Options

The following table describes some of the most commonly used options of this command:

OptionDescription
-CClears the kernel ring buffer.
-cPrints the kernel ring buffer messages before clearing.
-fRestricts the output to a particular facility.
-HPrints output in a human-readable format.
-LPrints colored output.
-lRestricts the output to a particular log level.
-SInstructs dmesg to read kernel messages from Syslog.
-sSpecifies buffer size for the kernel ring buffer.
-TPrints human-readable log message timestamps.
-tOmits timestamps in dmesg output.
--time-formatPrints output in the specified time format.
-w, --followUpdates dmesg output automatically.
-xPrints facility and level combined output.

Conclusion

In this tutorial, we learned how to use the dmesg command in Linux to print kernel ring buffer log messages on the user console. Try examples in this command to learn the command options and effectively use the dmesg command.

For more information, you can browse to dmesg man pages.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment