dmesg Command in Linux Explained [With Examples]

Written by: Linuxopsys   |   Last updated: October 9, 2023

The dmesg (diagnostic message) command provides functionality to retrieve, filter, and control the messages from the kernel’s message buffer (known as the kernel ring buffer).

The kernel ring buffer contains the operating system’s activities and state, especially during the boot process and while interacting with hardware. This buffer stores messages in a memory area of a defined size. It generally stores:

  • Initialization of kernel subsystems and loading of kernel modules.
  • Messages related to the detection, initialization, and configuration of hardware during the boot process.
  • Detection and initialization of hardware components like CPUs, memory, disks, and peripheral devices.
  • Loading and unloading of kernel modules (drivers).
  • Kernel panic messages and stack traces.
  • Information and errors related to I/O operations.

Remember the content of dmesg is volatile and gets cleared or lost once the system is restarted. During the boot process, the contents of the kernel ring buffer is dumped to /var/log/dmesg by a startup script or service.

Once a syslog daemon (syslogd, rsyslogd, syslog-ng, etc.) is running, it can read kernel messages from the kernel ring buffer and log them persistently to disk. The actual file and path might vary between systems and configurations.

With the integration of systemd and journald in many modern Linux distributions, can store and display both kernel and system messages from boot onwards through the journalctl command. Logs in journal can persist across reboots and, depending on disk space and configuration.

Syntax

dmesg [options]

Options

dmesg command comes with a variety of options:

  • -w, --follow: Wait for new messages.
  • -C, --clear: Clear the ring buffer.
  • -D, --console-off: Disable printing messages to the console.
  • -E, --console-on: Enable printing messages to the console.
  • -F, --file: Read from a file instead of the kernel ring buffer.
  • -k, --kernel: Display kernel messages.
  • -x, --decode: Decode facility and level to readable string.
  • -u, --userspace: Display userspace messages.
  • -d, --show-delta: Display timestamp and time difference, between when each message was logged relative to the previous message.
  • -T, --ctime: Display human-readable timestamp.
  • -n, --console-level: Set the level at which logging of messages is done to the console
  • -f, --facility: Filter output by specified comma-separated facility level(s).
  • -l, --level: Filter output by specified comma-separated level(s).
  • -H, --human: Print human-readable output.

Basic Usage

The dmesg command without any options will display all the kernel messages from the ring buffer in the terminal.

dmesg
output of dmesg without any options

Messages at the top are older while those at the bottom are newer.

The dmesg output, especially in its raw and unfiltered form, primarily displays three crucial pieces of information.

  • Time: The time stamp indicates the number of seconds since the system booted when the message was generated.
  • Device/Component: Typically identifies the system component, device, or subsystem generating the message.
  • Message: Gives a detailed log, warning, error, or informational message concerning the event being logged.

On some distributions, dmesg may require root privileges to access the kernel message buffer, which is stored in the ring buffer. This behavior is controlled by the kernel.dmesg_restrict sysctl setting. When dmesg_restrict is set to 1, only root can invoke dmesg.

By default, all the messages are displayed, but the list is very long. Use the following dmesg with tail command to display the last 10 messages:

sudo dmesg | tail -10
dmesg last 10 message using tail command

To display the first 10 messages in the kernel buffer, type:

sudo dmesg | head -10
dmesg first 10 message using head command

dmesg Examples

Let's look into some of the real-time usage examples of dmesg command:

1. View messages in real-time

What about if you want to see dmesg output as it changes?

For example, after attaching new hardware (e.g., USB devices, GPUs), you need to ensure it’s recognized and initialized properly. This comes to help:

dmesg -wH

Where:

-w or --follow: This option allows dmesg to display new messages as they appear, essentially letting you monitor the kernel messages in real-time.

H or --human: It makes the output more readable by humans by enabling human-readable timestamps. Example [ +10.123456]), with the first message's timestamp indicating the time since boot.

2. Viewing specific hardware messages

To see all messages related to the CPU from your kernel logs:

dmesg | grep CPU

Here we used grep command to search the term CPU through all messages in dmesg.

If you’re experiencing issues that might relate to system memory allocation or errors:

dmesg | grep -i "memory\|oom"
using dmesg check memory error

In case any external peripherals (keyboard, mouse, printers) are not functioning correctly, you can search by its name. Example to search messages related to USB devices:

dmesg | grep -i usb
using dmesg check USB related messages

Filter and display all kernel messages related to eth0

sudo dmesg | grep -i eth0
using dmesg check interface eht0 related messages

If filesystem errors or disk I/O warnings are occurring, potentially indicating a failing disk, you can search for message related to that disk drive. Example:

sudo dmesg | grep -i sda
using dmesg check disk drive sda related messages

To display messages about both USB and memory, type:

sudo dmesg | grep -E "usb|memory"

To identify or fix issues related to CD-ROM/DVD, try

dmesg | grep -iE 'cdrom|dvd|cd/rw|cd-rom|writer'
dmesg check messages related to CD-ROM/DVD

3. Show Timestamps Human Readable

Unlike the default behavior of dmesg, which displays timestamps as the number of seconds since the system booted, the -T (or --ctime) option convert these timestamps into actual date and time values (i.e., wall-clock format).

sudo dmesg -T
dmesg showing timestamps in human-readable

You can use --time-format if you wish to specify the format of timestamps in the output. Example dmesg --time-format=iso - This display timestamps formatted according to the ISO 8601 standard.

4. Specific Facility

The default dmesg output includes log messages about all the system components. You can filter these messages based on the processes that initiated the messages:

  • kern represents kernel messages.
  • user represents user-level messages.
  • mail represents mail system messages.
  • daemon displays messages about the system daemons.
  • auth displays user authorization messages.
  • Syslog represents internal syslogd messages.
  • lpr displays messages created by the line printer subsystem.
  • news displays messages created by the network news subsystem.

Specify the appropriate facility name with the dmesg command to display messages that are created by a particular facility. For example, to show messages about daemon, use the following command:

sudo dmesg --facility=daemon
dmesg showing specific facility name daemon

5. Filter dmesg messages

Using of Specific Facility

dmesg command allows different facilities to display specific messages.

Examples:

dmesg --facility=kern

This command tells dmesg to show only kernel-related messages.

Some of the common facilities are:

  • kern: Kernel messages
  • user: Random user-level messages
  • mail: Mail system
  • daemon: System daemons
  • auth: Security/authorization messages
  • syslog: Messages generated internally by syslogd
  • lpr: Line printer subsystem

Using Log Levels

You can also control messages of a specific log level.

Example:

dmesg --level=warn

This will only display warning messages.

display warn log level

Log levels:

  • emerg shows emergency messages.
  • alert shows system alerts that require immediate attention.
  • crit shows critical system conditions.
  • err shows application or system error logs.
  • warn shows warning messages.
  • notice shows normal but important messages.
  • info shows only informational messages.
  • debug shows debug level messages. System administrators can troubleshoot kernel issues using debug-level messages.

6. Clear Dmesg Messages

If you want to capture only the newest messages without the old ones adding clutter use -C option. This will clear all the current kernel messages.

Command:

sudo dmesg -C
clear dmesg

This command will require root (administrator) permissions, so you'll need to use sudo or be logged in as the root user.

It's worth noting that clearing the dmesg buffer does not affect the system log files managed by syslog or rsyslog daemons, which may still contain the kernel messages saved before the buffer was cleared.

7. Console Logging

The -D and -E options are specifically related to controlling whether dmesg outputs will be displayed to the console.

The -D or --console-off option tells the kernel to suppress all messages (from the moment of executing the command) from being printed to the console.

Command:

dmesg -D

If you've previously used -D to suppress the messages, you can revert this action and allow messages to be displayed on the console again using -E.

dmesg -E

You can also control the level of messages to the console using -n option.

Example:

dmesg -n 1

This prevents all messages, except emergency messages ( such as panic), from being logged into the console.

Here are the log levels you can set, as a reminder:

  • 0: emerg - System is unusable
  • 1: alert - Action must be taken immediately
  • 2: crit - Critical conditions
  • 3: err - Error conditions
  • 4: warn - Warning conditions
  • 5: notice - Normal but significant condition
  • 6: info - Informational
  • 7: debug - Debug-level messages

Transition to systemd:

When services are managed by systemd, their stdout and stderr output, which would conventionally go to the console, are captured by journald.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment