11 Dec 2023

Mastering ‘dmesg’: Linux Command Guide with Examples

Posted in Bash, Linux, Systems Administration By Gabriel Ramuglia On December 11, 2023

Graphic depicting Linux terminal displaying the dmesg command for kernel message access highlighting kernel icons and log file representations

Ever felt like you’re wrestling with the ‘dmesg’ command in Linux? You’re not alone. Many users find the ‘dmesg’ command a bit daunting, but it’s actually a powerful tool that can help you uncover the secrets of your Linux system’s kernel. It allows you to peek into the kernel’s activities, providing you with a wealth of information that can be used for troubleshooting and system optimization.

This guide will walk you through the usage of ‘dmesg’, from basic to advanced, and help you troubleshoot common issues. We’ll cover everything from viewing kernel messages, filtering output, to understanding timestamps and alternative methods.

So, let’s dive in and start mastering the ‘dmesg’ command in Linux!

TL;DR: What is the ‘dmesg’ command in Linux?

The 'dmesg' command in Linux is a powerful tool used to display the kernel-related messages on Unix-like systems. A common way to call the command is with the syntax, dmesg | less, which will output the kernel ring buffer to the terminal.

Here’s a simple usage example:

dmesg | less

# Output:
# [Displays the kernel ring buffer in a less viewer, allowing you to scroll through]

In this example, we use the ‘dmesg’ command piped with ‘less’. This displays the kernel ring buffer in a less viewer, allowing you to scroll through the messages at your own pace.

This is just a basic way to use the ‘dmesg’ command in Linux, but there’s much more to learn about viewing and understanding kernel messages. Continue reading for more detailed usage and advanced techniques.

Table of Contents

Understanding Basic Usage of ‘dmesg’
Exploring Advanced Uses of the ‘dmesg’ Command
Alternative Methods: Viewing Kernel Messages
Navigating Common ‘dmesg’ Challenges
Unraveling the Linux Kernel and System Logs
The Role of ‘dmesg’ in System Administration and Troubleshooting
Wrapping Up: Mastering the ‘dmesg’ Command in Linux

Understanding Basic Usage of ‘dmesg’

The ‘dmesg’ command in Linux is primarily used to read and display the kernel messages. These messages can help you understand what’s going on behind the scenes in your Linux system, making it easier to diagnose and fix issues.

Here’s a simple example of how to use the ‘dmesg’ command:

dmesg | tail -n 10

# Output:
# [Displays the last 10 lines of the kernel ring buffer]

In this example, we’ve used the ‘dmesg’ command piped with ‘tail -n 10’. This command will display the last 10 lines of the kernel ring buffer, which usually contains the most recent kernel messages.

Potential Pitfalls and Best Practices

When using the ‘dmesg’ command, it’s important to remember that the kernel ring buffer has a limited size. This means that older messages may be deleted to make room for newer ones. If you need to keep a permanent record of these messages, consider redirecting the output of ‘dmesg’ to a file.

Another best practice is to use the ‘-T’ option with ‘dmesg’, which will display the timestamps in a human-readable format. This can make it easier to correlate the kernel messages with other events on your system.

Here’s an example:

dmesg -T | tail -n 10

# Output:
# [Displays the last 10 lines of the kernel ring buffer with human-readable timestamps]

In this example, we’ve added the ‘-T’ option to the ‘dmesg’ command. This will display the timestamps in a human-readable format, making it easier to understand when each event occurred.

Exploring Advanced Uses of the ‘dmesg’ Command

As you become more comfortable with the basic usage of ‘dmesg’, you can start to explore its more advanced features. These include filtering output by facility and level, displaying timestamps, and more.

Before we dive into these advanced uses, let’s familiarize ourselves with some of the command-line arguments or flags that can modify the behavior of the ‘dmesg’ command. Here’s a table with some of the most commonly used ‘dmesg’ arguments.

Argument	Description	Example
`-T`	Display human-readable timestamps.	`dmesg -T`
`-w`	Wait for new messages.	`dmesg -w`
`-C`	Clear the ring buffer.	`dmesg -C`
`-d`	Display the delta time.	`dmesg -d`
`-e`	Display messages with error levels.	`dmesg -e`
`-f`	Display messages from specified facility.	`dmesg -f kern`
`-l`	Display messages of specified level.	`dmesg -l err`
`-n`	Set the level at which logging of messages is done to the console.	`dmesg -n 4`
`-r`	Display raw message buffer.	`dmesg -r`
`-s`	Use a buffer of size.	`dmesg -s 512`
`-u`	Display userspace messages.	`dmesg -u`
`-x`	Display the message level prefix.	`dmesg -x`

Now that we have a basic understanding of ‘dmesg’ command line arguments, let’s dive deeper into the advanced use of ‘dmesg’.

Filtering Output by Facility and Level

The ‘dmesg’ command allows you to filter the output by facility and level, which can be incredibly useful when you’re looking for specific types of messages. Here’s an example:

dmesg -l err,crit

# Output:
# [Displays messages with error and critical levels]

In this example, we’ve used the ‘-l’ option with ‘dmesg’ to specify the levels we’re interested in (in this case, error and critical). This filters the output to only show messages with these levels.

Displaying Timestamps

The ‘dmesg’ command can also display timestamps, which can be useful for correlating events. Here’s how you can do this:

dmesg -T

# Output:
# [Displays messages with human-readable timestamps]

In this example, we’ve used the ‘-T’ option with ‘dmesg’, which displays the timestamps in a human-readable format. This makes it easier to understand when each event occurred.

Advanced Filtering

You can also combine multiple options for more advanced filtering. For example, you can display error and critical messages with timestamps:

dmesg -T -l err,crit

# Output:
# [Displays error and critical messages with human-readable timestamps]

In this example, we’ve combined the ‘-T’ and ‘-l’ options to display error and critical messages with timestamps. This can be incredibly useful when you’re troubleshooting issues on your system.

Alternative Methods: Viewing Kernel Messages

While ‘dmesg’ is a powerful tool for viewing kernel messages, it’s not the only method available. Unix-like systems provide other ways to access this information, including the ‘/var/log/dmesg’ file and the ‘journalctl’ command. These alternatives can be useful in different scenarios, depending on your specific needs and constraints.

Accessing Kernel Messages via ‘/var/log/dmesg’

The ‘/var/log/dmesg’ file is a log file that stores the messages output by the ‘dmesg’ command. This file is typically updated every time the system boots, providing a snapshot of the kernel messages at boot time.

Here’s how you can view the contents of this file:

cat /var/log/dmesg

# Output:
# [Displays the contents of the /var/log/dmesg file]

In this example, we use the ‘cat’ command to display the contents of the ‘/var/log/dmesg’ file. This gives us a look at the kernel messages that were present when the system last booted.

Using the ‘journalctl’ Command to View Kernel Messages

The ‘journalctl’ command is part of the systemd suite of system management tools. It can be used to query and display messages from the system journal, which includes kernel messages.

Here’s an example of how to use ‘journalctl’ to view kernel messages:

journalctl -k

# Output:
# [Displays kernel messages from the system journal]

In this example, we use the ‘-k’ option with ‘journalctl’, which filters the output to only show kernel messages. This can be a useful way to view kernel messages, especially on systems that use systemd.

Comparing the Methods

Each of these methods has its own strengths and weaknesses. The ‘dmesg’ command provides real-time access to the kernel ring buffer, making it ideal for troubleshooting current issues. The ‘/var/log/dmesg’ file provides a snapshot of the kernel messages at boot time, which can be useful for diagnosing boot issues. The ‘journalctl’ command provides a more comprehensive view of the system’s logs, including kernel messages, which can be useful for correlating events across different parts of the system.

Choosing the right method depends on your specific needs and the nature of the problem you’re trying to solve.

Navigating Common ‘dmesg’ Challenges

While ‘dmesg’ is a powerful tool, like any other command, it can present its own set of challenges. In this section, we will discuss some common issues you may encounter when using ‘dmesg’, along with their solutions and workarounds.

Insufficient Permissions

One common issue is the ‘Permission denied’ error. This can occur if you’re trying to use ‘dmesg’ as a non-root user on a system where the kernel.dmesg_restrict sysctl is set.

Here’s an example of what this error might look like:

dmesg

# Output:
# dmesg: read kernel buffer failed: Operation not permitted

In this case, the solution is to run ‘dmesg’ with sudo:

sudo dmesg

# Output:
# [Displays the kernel ring buffer]

Missing Messages

Another common issue is missing messages. As mentioned earlier, the kernel ring buffer has a limited size, and older messages may be deleted to make room for newer ones. If you find that important messages are missing, you may need to increase the size of the kernel ring buffer.

You can check the current size of the kernel ring buffer with this command:

cat /proc/sys/kernel/dmesg_restrict

# Output:
# [Displays the current size of the kernel ring buffer]

If necessary, you can increase the size of the kernel ring buffer by writing a new value to this file. However, be aware that this will consume more memory.

Understanding Timestamps

By default, ‘dmesg’ displays timestamps as the number of seconds since the kernel started. This can be confusing, especially when trying to correlate events. To display human-readable timestamps, use the ‘-T’ option:

dmesg -T

# Output:
# [Displays messages with human-readable timestamps]

In this example, we’ve used the ‘-T’ option to display the timestamps in a more understandable format. This can make it much easier to correlate the kernel messages with other events on your system.

Unraveling the Linux Kernel and System Logs

Before we delve deeper into the ‘dmesg’ command, it’s important to understand the underlying concepts of the Linux kernel, system logs, and the kernel ring buffer. These fundamental elements play a crucial role in the functioning of ‘dmesg’.

The Linux Kernel: Heart of the System

The Linux kernel is the core of any Linux operating system. It’s responsible for managing the system’s resources, and facilitating communication between the hardware and software components. Every operation, from reading and writing files to controlling peripherals, passes through the kernel.

cat /proc/version

# Output:
# Linux version 5.4.0-66-generic (buildd@lgw01-amd64-039) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #74-Ubuntu SMP Wed Jan 27 22:54:38 UTC 2021

This command provides information about your Linux kernel version. Understanding the kernel’s function is key to appreciating the importance of the ‘dmesg’ command, as it directly interacts with the kernel to fetch system messages.

System Logs: Chronicle of System Activities

System logs are a chronological record of events and transactions that have occurred within a system. They provide a detailed account of operations, errors, and other pertinent system activities. In Linux, system logs are typically stored in the ‘/var/log’ directory.

ls /var/log

# Output:
# auth.log  boot.log  dmesg  faillog  kern.log  syslog  ...

In this example, we list the contents of the ‘/var/log’ directory, showing various system logs. These logs are essential for system administration tasks, including troubleshooting and performance tuning.

Kernel Ring Buffer: Temporary Storage for Kernel Messages

The kernel ring buffer is a data structure that temporarily stores kernel messages, including information about the hardware, drivers, and other kernel subsystems.

sudo dmesg | wc -l

# Output:
# 1120

In this example, we count the number of lines in the kernel ring buffer using ‘dmesg’ piped with ‘wc -l’. The kernel ring buffer is a crucial component in understanding the ‘dmesg’ command, as ‘dmesg’ reads its messages directly from this buffer.

By understanding these fundamental concepts, you can better appreciate the function and importance of the ‘dmesg’ command in Linux.

The Role of ‘dmesg’ in System Administration and Troubleshooting

The ‘dmesg’ command is more than just a tool for viewing kernel messages. It’s an invaluable resource for system administrators and anyone involved in troubleshooting Linux systems. The ability to access and interpret kernel messages can often mean the difference between identifying an issue quickly and struggling to understand what’s going wrong.

Log Management: A Key Aspect of System Administration

Log management is a crucial aspect of system administration. Logs provide a detailed record of system activities, making it possible to understand what happened in the past and anticipate potential issues in the future.

The ‘dmesg’ command plays a key role in log management by providing access to kernel messages. These messages can help administrators understand the state of the system at a deep level, including the status of hardware devices, drivers, and other kernel subsystems.

sudo dmesg -T | grep -i error

# Output:
# [Displays kernel messages containing the word 'error', with timestamps]

In this example, we use ‘dmesg’ with the ‘-T’ option to display timestamps, and pipe the output into ‘grep’ to filter for messages containing the word ‘error’. This can help administrators quickly identify any errors that the kernel has reported.

Kernel Modules: Extending the Functionality of the Kernel

Kernel modules are pieces of code that can be loaded and unloaded into the kernel as needed. They extend the functionality of the kernel without requiring a reboot. The ‘dmesg’ command can be used to view messages related to kernel modules, making it a valuable tool for managing and troubleshooting these modules.

sudo dmesg | grep -i 'module'

# Output:
# [Displays kernel messages related to kernel modules]

In this example, we use ‘dmesg’ piped with ‘grep’ to filter for messages related to kernel modules. This can help administrators understand the status of kernel modules, including any issues that may have occurred during loading or unloading.

Further Resources for Mastering ‘dmesg’

To continue your journey in mastering the ‘dmesg’ command and deepening your understanding of Linux system administration, here are a few resources that you might find helpful:

The Linux Documentation Project: An ongoing project to document all aspects of Linux, including its commands and system administration tasks.
Linux Journal: A monthly publication covering all things Linux, including in-depth articles on system administration and command-line tools.
Unix & Linux Stack Exchange: A question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. It’s a great place to find answers to specific questions about ‘dmesg’ and other Linux commands.

Wrapping Up: Mastering the ‘dmesg’ Command in Linux

In this comprehensive guide, we’ve delved into the depths of the ‘dmesg’ command in Linux, a powerful tool for viewing kernel messages and troubleshooting system issues.

We started with the basics, explaining how to use ‘dmesg’ to view kernel messages and providing a simple usage example. We then ventured into more advanced territory, discussing how to filter output by facility and level, how to display human-readable timestamps, and how to increase the size of the kernel ring buffer for storing more messages.

We also addressed common issues you might encounter when using ‘dmesg’, such as insufficient permissions and missing messages, and provided solutions and workarounds for these problems. Additionally, we took a deep dive into the Linux kernel, system logs, and the kernel ring buffer, helping you understand the fundamental concepts that underpin the ‘dmesg’ command.

Beyond the ‘dmesg’ command itself, we explored alternative methods for viewing kernel messages, such as using the ‘/var/log/dmesg’ file and the ‘journalctl’ command. Here’s a quick comparison of these methods:

Method	Pros	Cons
dmesg	Real-time access to kernel messages, filtering options	Limited buffer size, requires root access for some operations
/var/log/dmesg	Permanent record of boot-time kernel messages	Not updated in real-time
journalctl	Comprehensive view of system logs, including kernel messages	Requires systemd

Whether you’re just starting out with the ‘dmesg’ command or looking to deepen your understanding, we hope this guide has been a valuable resource. With its powerful capabilities and wide range of uses, ‘dmesg’ is a key tool in any Linux user’s toolkit. Happy exploring, and happy troubleshooting!

About Author

Gabriel Ramuglia

Gabriel is the owner and founder of IOFLOOD.com, an unmanaged dedicated server hosting company operating since 2010.Gabriel loves all things servers, bandwidth, and computer programming and enjoys sharing his experience on these topics with readers of the IOFLOOD blog.

We Love Servers.