Kernel is one of the most important components of a Linux operation system. This core component controls system resources including CPU and memory. When your system boots up and then performs various operations, the kernel writes several messages to the ring buffer. Linux system administrators can display these operating system operation messages using the dmesg command.
In this tutorial, we will learn how to use the dmesg command in Linux.
- A Linux computer with terminal access.
- Basic understanding of the Linux commands.
- Sudo or root user account privileges to execute the commands.
Linux Ring Buffer
When you start your Linux operating system, certain events occur, such as the kernel being loaded into the main memory. This process and all the processes after that write certain log messages to the ring buffer that system administrators use to troubleshoot device failure and system problems.
The Linux kernel ring buffer is a physical memory part that stores log messages generated by the kernel. It is a fixed size buffer and when it gets full the older logs are automatically deleted to make space for the new logs.
This buffer contains data such as device drive initialization messages, hardware messages, and kernel-related messages.
Dmesg, also known as display message, prints all the log messages that are stored in the ring buffer. The default command output contains various fields and messages that include logs produced by device drivers, hardware devices, and other critical system components. Dmesg can also be used to control the kernel ring buffer.
The Linux dmesg command lets you read the kernel log messages from the virtual files in the /proc/kmsg virtual file system. This log file can be opened by only one process at a time. This command will hang if you try to display the log file contents using the cat command while the Syslog process is running. The kernel log messages are stored to the /var/log/dmesg by the Syslog daemon.
The basic syntax of dmesg is:
sudo dmesg [options]
Linux Dmesg Command Examples
The following examples will show you some of the most common use cases of this command.
Dmesg without any Options
By default, the dmesg command displays all the log messages that are stored in the kernel buffer:
The default output shows the following three parts of information:
- Time, which displays the number of seconds since the boot time when the message was created. If the displayed time is 1.004294, then it means the log message was created 1 second after the boot time.
- Device, which displays the component for which the message was created.
- Message, which displays the actual operation.
By default, all the messages are displayed, but the list is very long. Use the following command to display the last 10 messages:
sudo dmesg | tail -10
To display the first 10 messages in the kernel buffer, type:
sudo dmesg | head -10
You can also use the cat command and grep command to show logs that match the specified component name or string:
cat dmesg | grep CPU
Add or Enable Timestamps
If the timestamp is enabled, then you can print timestamp in the dmesg output. Use the following command to check if the timestamp is enabled:
If the output of this command is Y, it means the timestamp is enabled. Use the following command to enable timestamp if it is disabled:
echo Y > /sys/module/printk/parameters/time
To print kernel’s timestamps plus the number of seconds after the specified timestamp, use the -H option:
sudo dmesg -H
The timestamp is displayed in the first line of the output. The rest of the entries display the number of seconds after the specified timestamp. The -H option shows one screen output at a time, and you can display the next message by pressing Enter key.
Show Human Readable Timestamps
To display the complete human-readable timestamps, use the -T option:
sudo dmesg -T
You can also specify the timestamp format based on your requirements. The supported timestamp format options are ctime, reltime, delta, notime, and iso. Use the following command to display the timestamp in the iso format:
sudo dmesg --time-format=iso
You can also use a custom date format for the timestamp:
sudo dmesg --ctime
You can enable or disable colored output in the dmesg command. Color is enabled in our system, so the color output is displayed by default. To display colored messages, use the following command:
sudo dmesg –-color=never
If the color is disabled, then use the sudo dmesg --color=always command.
Watching Live Messages
To display new messages as they arrive, use the following command:
sudo dmesg --follow
Search for Specific Terms
You can search for specific terms in the kernel ring buffer log messages using the grep command with dmesg. To search for messages about memory, type:
sudo dmesg | grep memory
To search for messages about USB drive, type:
sudo dmesg | grep -i usb
To display messages about serial ports, type:
sudo dmesg | grep -i tty
To search for messages about network connections, type:
sudo dmesg | grep -i eth0
To search for messages about the hard drives, type:
sudo dmesg | grep -i sda
To display messages about both USB and memory, type:
sudo dmesg | grep -E "usb|memory"
To check for a CD Drive in your system, type:
sudo dmesg | grep -iE 'cdrom|dvd|cd/rw|cd-rom'
The default dmesg output includes log messages about all the system components. You can filter these messages based on the processes that initiated the messages:
- kern represents kernel messages.
- user represents user-level messages.
- mail represents mail system messages.
- daemon displays messages about the system daemons.
- auth displays user authorization messages.
- Syslog represents internal syslogd messages.
- lpr displays messages created by the line printer subsystem.
- news displays messages created by the network news subsystem.
Specify the appropriate facility name with the dmesg command to display messages that are created by a particular facility. For example, to show messages about daemon, use the following command:
sudo dmesg --facility=daemon
Every message logged in the buffer has a level that represents the severity or significance of the message. The following log levels are supported:
- emerg shows emergency messages.
- alert shows system alerts that require immediate attention.
- crit shows critical system conditions.
- err shows application or system error logs.
- warn shows warning messages.
- notice shows normal but important messages.
- info shows only informational messages.
- debug shows debug level messages. System administrators can troubleshoot kernel issues using debug-level messages.
To display only the warnings, specify the log level as warn:
sudo dmesg --level=warn
Combining Facility and Level
To display messages that include both log-level and facilities in human-readable output, use the -x option:
sudo dmesg -x
In some Linux distributions, by default, non-root users may not run the dmesg command. You can remove this restriction to enable access for non-root users:
sudo sysctl -w kernel.dmesg_restrict=0
Clear Dmesg Messages
Use the -c option to first print the dmesg output and then clear dmesg logs from the kernel ring buffer:
sudo dmesg -c
To clear all messages without printing the output, use the -C option:
sudo dmesg -C
The dmesg log messages are automatically written to the /var/log/kern.log and /var/log/dmesg files. Log messages from these files are available even if you clear the dmesg messages using -c or -C options.
Stop Dmesg from Logging to Console
You can disable the printing of log messages in the dmesg command console, use the -D option:
sudo dmesg -D
To enable the printing of log messages, use the –E option:
sudo dmesg -E
The Dmesg Command Options
The following table describes some of the most commonly used options of this command:
|Clears the kernel ring buffer.|
|Prints the kernel ring buffer messages before clearing.|
|Restricts the output to a particular facility.|
|Prints output in a human-readable format.|
|Prints colored output.|
|Restricts the output to a particular log level.|
|Instructs dmesg to read kernel messages from Syslog.|
|Specifies buffer size for the kernel ring buffer.|
|Prints human-readable log message timestamps.|
|Omits timestamps in dmesg output.|
|Prints output in the specified time format.|
|Updates dmesg output automatically.|
|Prints facility and level combined output.|
In this tutorial, we learned how to use the dmesg command in Linux to print kernel ring buffer log messages on the user console. Try examples in this command to learn the command options and effectively use the dmesg command.
For more information, you can browse to dmesg man pages.