The dmesg (diagnostic message) command provides functionality to retrieve, filter, and control the messages from the kernel’s message buffer (known as the kernel ring buffer).
The kernel ring buffer contains the operating system’s activities and state, especially during the boot process and while interacting with hardware. This buffer stores messages in a memory area of a defined size. It generally stores:
- Initialization of kernel subsystems and loading of kernel modules.
- Messages related to the detection, initialization, and configuration of hardware during the boot process.
- Detection and initialization of hardware components like CPUs, memory, disks, and peripheral devices.
- Loading and unloading of kernel modules (drivers).
- Kernel panic messages and stack traces.
- Information and errors related to I/O operations.
Remember the content of dmesg is volatile and gets cleared or lost once the system is restarted. During the boot process, the contents of the kernel ring buffer is dumped to /var/log/dmesg by a startup script or service.
Once a syslog daemon (syslogd, rsyslogd, syslog-ng, etc.) is running, it can read kernel messages from the kernel ring buffer and log them persistently to disk. The actual file and path might vary between systems and configurations.
dmesg command comes with a variety of options:
--follow: Wait for new messages.
--clear: Clear the ring buffer.
--console-off: Disable printing messages to the console.
--console-on: Enable printing messages to the console.
--file: Read from a file instead of the kernel ring buffer.
--kernel: Display kernel messages.
--decode: Decode facility and level to readable string.
--userspace: Display userspace messages.
--show-delta: Display timestamp and time difference, between when each message was logged relative to the previous message.
--ctime: Display human-readable timestamp.
--console-level: Set the level at which logging of messages is done to the console
--facility: Filter output by specified comma-separated facility level(s).
--level: Filter output by specified comma-separated level(s).
--human: Print human-readable output.
The dmesg command without any options will display all the kernel messages from the ring buffer in the terminal.
Messages at the top are older while those at the bottom are newer.
The dmesg output, especially in its raw and unfiltered form, primarily displays three crucial pieces of information.
- Time: The time stamp indicates the number of seconds since the system booted when the message was generated.
- Device/Component: Typically identifies the system component, device, or subsystem generating the message.
- Message: Gives a detailed log, warning, error, or informational message concerning the event being logged.
By default, all the messages are displayed, but the list is very long. Use the following dmesg with tail command to display the last 10 messages:
sudo dmesg | tail -10
To display the first 10 messages in the kernel buffer, type:
sudo dmesg | head -10
Let's look into some of the real-time usage examples of dmesg command:
1. View messages in real-time
What about if you want to see dmesg output as it changes?
For example, after attaching new hardware (e.g., USB devices, GPUs), you need to ensure it’s recognized and initialized properly. This comes to help:
-w or --follow: This option allows dmesg to display new messages as they appear, essentially letting you monitor the kernel messages in real-time.
H or --human: It makes the output more readable by humans by enabling human-readable timestamps. Example [ +10.123456]), with the first message's timestamp indicating the time since boot.
2. Viewing specific hardware messages
To see all messages related to the CPU from your kernel logs:
dmesg | grep CPU
Here we used grep command to search the term CPU through all messages in dmesg.
If you’re experiencing issues that might relate to system memory allocation or errors:
dmesg | grep -i "memory\|oom"
In case any external peripherals (keyboard, mouse, printers) are not functioning correctly, you can search by its name. Example to search messages related to USB devices:
dmesg | grep -i usb
Filter and display all kernel messages related to eth0
sudo dmesg | grep -i eth0
If filesystem errors or disk I/O warnings are occurring, potentially indicating a failing disk, you can search for message related to that disk drive. Example:
sudo dmesg | grep -i sda
To display messages about both USB and memory, type:
sudo dmesg | grep -E "usb|memory"
To identify or fix issues related to CD-ROM/DVD, try
dmesg | grep -iE 'cdrom|dvd|cd/rw|cd-rom|writer'
3. Show Timestamps Human Readable
Unlike the default behavior of dmesg, which displays timestamps as the number of seconds since the system booted, the -T (or --ctime) option convert these timestamps into actual date and time values (i.e., wall-clock format).
sudo dmesg -T
You can use --time-format if you wish to specify the format of timestamps in the output. Example dmesg --time-format=iso - This display timestamps formatted according to the ISO 8601 standard.
4. Specific Facility
The default dmesg output includes log messages about all the system components. You can filter these messages based on the processes that initiated the messages:
- kern represents kernel messages.
- user represents user-level messages.
- mail represents mail system messages.
- daemon displays messages about the system daemons.
- auth displays user authorization messages.
- Syslog represents internal syslogd messages.
- lpr displays messages created by the line printer subsystem.
- news displays messages created by the network news subsystem.
Specify the appropriate facility name with the dmesg command to display messages that are created by a particular facility. For example, to show messages about daemon, use the following command:
sudo dmesg --facility=daemon
5. Filter dmesg messages
Using of Specific Facility
dmesg command allows different facilities to display specific messages.
This command tells dmesg to show only kernel-related messages.
Some of the common facilities are:
- kern: Kernel messages
- user: Random user-level messages
- mail: Mail system
- daemon: System daemons
- auth: Security/authorization messages
- syslog: Messages generated internally by syslogd
- lpr: Line printer subsystem
Using Log Levels
You can also control messages of a specific log level.
This will only display warning messages.
- emerg shows emergency messages.
- alert shows system alerts that require immediate attention.
- crit shows critical system conditions.
- err shows application or system error logs.
- warn shows warning messages.
- notice shows normal but important messages.
- info shows only informational messages.
- debug shows debug level messages. System administrators can troubleshoot kernel issues using debug-level messages.
6. Clear Dmesg Messages
If you want to capture only the newest messages without the old ones adding clutter use -C option. This will clear all the current kernel messages.
sudo dmesg -C
This command will require root (administrator) permissions, so you'll need to use sudo or be logged in as the root user.
It's worth noting that clearing the dmesg buffer does not affect the system log files managed by syslog or rsyslog daemons, which may still contain the kernel messages saved before the buffer was cleared.
7. Console Logging
The -D and -E options are specifically related to controlling whether dmesg outputs will be displayed to the console.
The -D or --console-off option tells the kernel to suppress all messages (from the moment of executing the command) from being printed to the console.
If you've previously used -D to suppress the messages, you can revert this action and allow messages to be displayed on the console again using -E.
You can also control the level of messages to the console using -n option.
dmesg -n 1
This prevents all messages, except emergency messages ( such as panic), from being logged into the console.
Here are the log levels you can set, as a reminder:
- 0: emerg - System is unusable
- 1: alert - Action must be taken immediately
- 2: crit - Critical conditions
- 3: err - Error conditions
- 4: warn - Warning conditions
- 5: notice - Normal but significant condition
- 6: info - Informational
- 7: debug - Debug-level messages
When services are managed by systemd, their stdout and stderr output, which would conventionally go to the console, are captured by journald.