How to troubleshoot Linux using dmesg

Introduction

The dmesg command is a Linux utility that reads messages from the kernel ring buffer and displays them. The ring buffer holds messages about hardware, device driver initialization, and kernel modules that are logged during system startup.
The dmesg command is crucial for diagnosing hardware-related errors, warnings, and device failures.

Usage of dmesg command

Running dmesg with no options displays the messages currently held in the kernel ring buffer; because the buffer has a fixed size, these are the most recent ones. As a non-root user, prefix the command with sudo to run it with root privileges.

sudo dmesg

The dmesg command produces a lot of output. You can use the tail, head, or less commands to view part of the log or to read it page by page. To find a specific log entry or term, press the forward slash (/) to search within less.

sudo dmesg | less

Display Colored Messages

By default, dmesg gives colored output. To request colorized messages explicitly, use the -L option.

sudo dmesg -L

If you don’t want colored output, run dmesg with the --color=never option (sudo dmesg --color=never).

Display Messages as They Arrive

You can watch the kernel ring buffer in real time using the --follow option. After printing the messages already in the buffer, the command waits for new messages about hardware or kernel modules and prints them as they arrive.
Run the following dmesg command to start monitoring the kernel ring buffer in real time:

sudo dmesg --follow

Search for a Specific Term

If you want to look for specific problems or hardware messages, you can pipe the output of dmesg into grep and search for a string or pattern.
For example, run the following command to find messages about memory:

dmesg | grep -i memory

The output shows each line from the buffer that contains the string memory. The -i (ignore case) switch makes the search case-insensitive.
You can also run the following commands to find buffer messages about USB, serial ports, networks, or hard drives:

USB

dmesg | grep -i usb

Serial Ports

dmesg | grep -i tty

Network

dmesg | grep -i eth

Hard Drives

sudo dmesg | grep -i sda

You can search for more than one term at once by adding the -E option to grep, putting the search terms in quotes, and putting a pipe between them. For instance:

sudo dmesg | grep -E "memory|tty"

Read and Clear dmesg Logs

With the -c (read-clear) option, you can clear the dmesg log after it has been printed. When you clear the buffer, you ensure you only have valid messages from the most recent reboot.
Note: To save the whole log to a file before clearing it, use sudo dmesg > logfile to send the output to a file.
To print and then clear the buffer, type the following command:

sudo dmesg -c

If you run dmesg again, it won’t show anything because the log has been cleared.

Enable Timestamps in dmesg Logs

Add the -H (--human) option to dmesg to turn on timestamps. This makes the output human-readable and automatically sends it to a pager (less).
Type the following command:

sudo dmesg -H

The command adds a timestamp that shows the date and time at minute resolution. Events that happen within the same minute are distinguished by their seconds and nanoseconds.
Quit the pager by entering Q.

Enable Human-Readable Timestamps

Use the -T (--ctime) option to turn on timestamps that humans can read. The option removes the nanosecond precision from the output, but it makes the timestamps easier to understand.

sudo dmesg -T

Standard dates and times are used for the timestamps in the output, and the resolution is in minutes. Each action that happened in the same minute gets the same timestamp.

Choose Timestamp Format

You can choose the timestamp format with the --time-format [format] option. The available formats are:

ctime
reltime
delta
notime
iso

To use the iso format, for example, run:

sudo dmesg --time-format=iso

Now, a timestamp looks like this: YYYY-MM-DDTHH:MM:SS,<microseconds>+<offset from UTC>.

Note: When the system is turned off and on again, the time shown by iso and ctime may not be correct.

Combining Facility and Level

Use the -x (--decode) option to show each buffer message’s facility and log level at the beginning of each line. For example, type:

sudo dmesg -x

Read dmesg Log File

In the following example, we use the cat command to read a saved log file (here a file named dmesg in the current directory) and pipe it into grep to search for a certain string:

cat dmesg | grep amd

Check for a CD Drive

Examine the buffer message log to determine whether or not a remote machine has a CD drive. For example, the following command displays all CD device initialization messages:

sudo dmesg | grep -iE 'cdrom|dvd|cd/rw|cd-rom'

The results show information on the available CD-ROM drives, including this machine’s virtual CD-ROM drive.

Remove sudo Requirement

You can remove the need for superuser privileges so that any user can run dmesg and examine kernel ring buffer messages. To eliminate the sudo requirement, use the following command:

sudo sysctl -w kernel.dmesg_restrict=0

Any user on the system can execute dmesg after the restriction is set to 0.
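The kernel.dmesg_restrict value decides who can read the ring buffer, and sysctl -w changes only the running kernel, while a value in the sysctl configuration files is applied again at boot. The following script is an added example, not part of the original tutorial, that reports both the running value and any persisted setting; the function name audit_dmesg_restrict and the default list of configuration paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the running and persisted kernel.dmesg_restrict values.
# The paths are parameters so the check can run against a constructed tree.

# audit_dmesg_restrict [PROC_FILE] [CONF_PATH...]
# Prints "running=<value>" and one "persisted=<value> file=<path>" line per
# configuration entry. Returns 0 only when the running value is 1.
audit_dmesg_restrict() {
    proc_file=${1:-/proc/sys/kernel/dmesg_restrict}
    [ $# -gt 0 ] && shift
    # Assumed default locations of sysctl configuration files.
    [ $# -gt 0 ] || set -- /etc/sysctl.conf /etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d
    if [ -r "$proc_file" ]; then
        running=$(cat "$proc_file")
    else
        running=unknown
    fi
    echo "running=$running"
    for path in "$@"; do
        [ -e "$path" ] || continue
        # Match "kernel.dmesg_restrict = N"; commented-out lines do not match.
        grep -rHE '^[[:space:]]*kernel[./]dmesg_restrict[[:space:]]*=' "$path" 2>/dev/null |
        while IFS= read -r hit; do
            file=${hit%%:*}
            val=$(printf '%s' "${hit##*=}" | tr -d '[:space:]')
            echo "persisted=$val file=$file"
        done
    done
    [ "$running" = 1 ]
}

# Check the local system when the script is run directly.
audit_dmesg_restrict || echo "dmesg is not restricted to privileged users"
```

A persisted value that differs from the running one means the setting will change at the next reboot.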

Force dmesg command to use syslog

In some cases you may want dmesg to read its data from syslog rather than /dev/kmsg. The -S option does this:

dmesg -S

Display raw message buffer using ‘-r’ option

The -r option displays the raw message buffer:

dmesg -r
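The -x and -r options are related: a raw line starts with a numeric prefix in angle brackets that encodes the same facility and level that -x prints as names. The script below is an added example, not part of the original tutorial, that decodes that prefix using the syslog convention (prefix = facility * 8 + level) and keeps only messages at or above a chosen severity; the sample lines are constructed and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: decode the <N> prefix of raw (dmesg -r) lines.
# Syslog convention: N = facility * 8 + level; lower level = more severe.

# Constructed sample lines, not captured from a real machine.
sample_raw() {
cat <<'EOF'
<6>[    0.000000] Linux version 6.1.0-example
<4>[    1.204512] ACPI: example warning text
<3>[   12.880133] usb 1-1: device descriptor read/64, error -71
<30>[   15.001200] systemd[1]: Started example.service
<2>[   20.500000] example: critical condition
EOF
}

# decode_raw [MAXLEVEL]: read raw lines on stdin and print
# "facility:level message" for lines whose level is <= MAXLEVEL (default 7).
decode_raw() {
    max=${1:-7}
    while IFS= read -r line; do
        case $line in
            '<'[0-9]*'>'*) ;;
            *) continue ;;                        # no priority prefix
        esac
        pri=${line#<}; pri=${pri%%>*}
        case $pri in *[!0-9]*) continue ;; esac   # prefix is not a number
        msg=${line#*>}
        level=$((pri % 8)); fac=$((pri / 8))
        [ "$level" -le "$max" ] || continue
        set -- emerg alert crit err warn notice info debug
        shift "$level"; levname=$1
        if [ "$fac" -lt 8 ]; then
            set -- kern user mail daemon auth syslog lpr news
            shift "$fac"; facname=$1
        else
            facname="facility$fac"
        fi
        printf '%s:%s %s\n' "$facname" "$levname" "$msg"
    done
}

# Errors and worse from the sample; on a live system: sudo dmesg -r | decode_raw 3
sample_raw | decode_raw 3
```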

Conclusion

This tutorial demonstrated how to examine and take control of the Linux kernel ring buffer by utilizing the dmesg tool. The program is beneficial when investigating problems with the kernel or the hardware.
