The dmesg command is a powerful tool used to control and read log messages stored in the kernel ring buffer of Linux and other Unix-based operating systems. During boot-up and runtime, the kernel stores messages produced by device drivers, hardware devices, and kernel modules in a ring buffer.
These stored log messages can be reviewed for diagnosing and debugging hardware-related issues using the dmesg command.
In this article, you'll learn 10 useful dmesg commands for keeping track of your kernel logs.
dmesg Command Examples
The dmesg command log output often follows the pattern below:
[timestamp] device-name: actual message
The following listed dmesg commands can be used to monitor your kernel logs:
1. Displaying all logs
Running the dmesg command without additional options causes all log messages present in the kernel ring buffer to be printed to the screen. However, these messages are too much to be shown at once and only the latest messages are displayed.
These messages contain information about driver initialization, kernel events, and other system events. The log messages are shown in the order in which they were produced, with the most recent messages appearing at the bottom.
The command is invoked below without any options:
sudo dmesg
Sample output:
[ 1.980941] Adding 4194304k swap on /swap/file. Priority:-2 extents:3 across:4210688k [ 3.131444] scsi 0:0:0:1: Direct-Access Msft Virtual Disk 1.0 PQ: 0 ANSI: 5 [ 3.132773] sd 0:0:0:1: Attached scsi generic sg1 type 0 [ 3.135281] sd 0:0:0:1: [sdb] 536870912 512-byte logical blocks: (275 GB/256 GiB) [ 3.135282] sd 0:0:0:1: [sdb] 4096-byte physical blocks [ 3.135618] sd 0:0:0:1: [sdb] Write Protect is off [ 3.135657] sd 0:0:0:1: [sdb] Mode Sense: 0f 00 00 00 [ 3.136418] sd 0:0:0:1: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 3.141376] sd 0:0:0:1: [sdb] Attached SCSI disk [ 3.161395] EXT4-fs (sdb): mounted filesystem with ordered data mode. Opts: discard,errors=remount-ro,data=ordered [ 4.254624] FS-Cache: Duplicate cookie detected [ 4.254629] FS-Cache: O-cookie c=00000000a104f3b6 [p=00000000183a9d9b fl=222 nc=0 na=1] [ 4.254630] FS-Cache: O-cookie d=00000000e8f9e777 n=0000000021c412ef [ 4.254631] FS-Cache: O-key=[10] '34323934393337373038' [ 4.254639] FS-Cache: N-cookie c=000000001b19764d [p=00000000183a9d9b fl=2 nc=0 na=1] [ 4.254640] FS-Cache: N-cookie d=00000000e8f9e777 n=00000000d2f37866 [ 4.254641] FS-Cache: N-key=[10] '34323934393337373038'
The log messages shown are quite verbose and difficult to navigate and read. We can pipe the output to the 'more' or 'less' pager to improve readability as shown in the example below:
sudo dmesg | less
Sample output:
[ 0.000000] x86/fpu: Enabled xstate features 0xe7, context size is 2432 bytes, using 'compacted' format. [ 0.000000] BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009ffff] usable [ 0.000000] BIOS-e820: [mem 0x00000000000e0000-0x00000000000e0fff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000001fffff] ACPI data [ 0.000000] BIOS-e820: [mem 0x0000000000200000-0x00000000f7ffffff] usable [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000032fffffff] usable
This output shows log messages one page at a time. We can move between pages using the 'Spacebar' and 'b' keys.
2. Display Human-readable Timestamps
The dmesg command displays timestamps associated with log messages, which indicates when each individual message was logged by the kernel, allowing you to see when a message was generated in relation to other messages.
The timestamp is in seconds and nanoseconds by default. This timestamp denotes the elapsed time between the kernel startup and the logged event.
To show messages with a human-readable timestamp, we can use the â-Tâ option with the dmesg command as shown below:
sudo dmesg -T
Sample output:
[Fri Feb 10 20:28:06 2023] clocksource: Switched to clocksource tsc [Fri Feb 10 20:28:06 2023] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [Fri Feb 10 20:28:06 2023] Adding 4194304k swap on /swap/file. Priority:-2 extents:3 across:4210688k [Fri Feb 10 20:28:08 2023] scsi 0:0:0:1: Direct-Access Msft Virtual Disk 1.0 PQ: 0 ANSI: 5 [Fri Feb 10 20:28:08 2023] sd 0:0:0:1: Attached scsi generic sg1 type 0 [Fri Feb 10 20:28:08 2023] sd 0:0:0:1: [sdb] 536870912 512-byte logical blocks: (275 GB/256 GiB) [Fri Feb 10 20:28:08 2023] sd 0:0:0:1: [sdb] 4096-byte physical blocks [Fri Feb 10 20:28:08 2023] sd 0:0:0:1: [sdb] Write Protect is off [Fri Feb 10 20:28:08 2023] sd 0:0:0:1: [sdb] Mode Sense: 0f 00 00 00 [Fri Feb 10 20:28:08 2023] sd 0:0:0:1: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [Fri Feb 10 20:28:08 2023] sd 0:0:0:1: [sdb] Attached SCSI disk [Fri Feb 10 20:28:08 2023] EXT4-fs (sdb): mounted filesystem with ordered data mode. Opts: discard,errors=remount-ro,data=ordered
This output shows log messages with the timestamp in the 'date and time' format indicating when each message was produced.
The "--time-format=format" option can also be used with the dmesg command to show timestamps in a different format. The following are the available options:
iso: This displays timestamps in the ISO 8601 standard. Example: 2023-02-10T17:18:45.
ctime: This displays a human-readable date and time. Example: Fri Feb 10 17:18:45 2023.
reltime: This displays the elapsed time since a previous logged message.
delta: This displays the elapsed time since a reboot.
notime: This displays log messages without indicating a timestamp.
3. Monitoring Real-time Messages
The '--follow' or '-f' option can be used with the dmesg command to get real-time log messages. This option ensures that new messages are printed as they are added to the buffer. This is especially useful for monitoring and troubleshooting issues as they occur.
sudo dmesg --follow
Sample output:
[ 1.927610] Adding 4194304k swap on /swap/file. Priority:-2 extents:3 across:4210688k [ 3.103181] scsi 0:0:0:1: Direct-Access Msft Virtual Disk 1.0 PQ: 0 ANSI: 5 [ 3.105235] sd 0:0:0:1: Attached scsi generic sg1 type 0 [ 3.107125] sd 0:0:0:1: [sdb] 536870912 512-byte logical blocks: (275 GB/256 GiB) [ 3.107128] sd 0:0:0:1: [sdb] 4096-byte physical blocks [ 3.107290] sd 0:0:0:1: [sdb] Write Protect is off [ 3.107292] sd 0:0:0:1: [sdb] Mode Sense: 0f 00 00 00 [ 3.107899] sd 0:0:0:1: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 3.114090] sd 0:0:0:1: [sdb] Attached SCSI disk [ 3.133506] EXT4-fs (sdb): mounted filesystem with ordered data mode. Opts: discard,errors=remount-ro,data=ordered
4. Filtering Log Levels
Log messages displayed from the dmesg command are assigned different log levels, depending on their severity. The log levels, in increasing order of severity, are listed as follows:
- debug: This is the lowest log level. It shows messages that are useful for debugging purposes.
- info: This level shows informational messages, which are messages about the state of the operating system.
- notice: This level indicates noteworthy events that do not require immediate attention.
- warn: This level indicates that a potentially problematic situation that needs monitoring has occurred.
- err: Messages in this level indicate that a significant problem that needs immediate attention has occurred.
- crit: This level shows messages that indicate serious errors, which could threaten the stability of the system.
- alert: This level indicates messages that require immediate action.
- emerg: This is the highest log level. It indicates that the system is in a critical state and may be unable to continue functioning.
Log messages can be filtered to show messages of a specific log level by combining the '-l' or '--level' option with the dmesg command.
For instance, to show 'notice' level log messages, you could use:
sudo dmesg -l notice
Sample output:
[ 0.821538] scsi 0:0:0:0: Direct-Access Msft Virtual Disk 1.0 PQ: 0 ANSI: 5 [ 0.847641] sd 0:0:0:0: Attached scsi generic sg0 type 0 [ 0.867339] sd 0:0:0:0: [sda] 536870912 512-byte logical blocks: (275 GB/256 GiB) [ 0.867342] sd 0:0:0:0: [sda] 4096-byte physical blocks [ 0.867815] sd 0:0:0:0: [sda] Write Protect is off [ 0.874591] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 1.258038] sd 0:0:0:0: [sda] Attached SCSI disk [ 3.103181] scsi 0:0:0:1: Direct-Access Msft Virtual Disk 1.0 PQ: 0 ANSI: 5 [ 3.105235] sd 0:0:0:1: Attached scsi generic sg1 type 0 [ 3.107125] sd 0:0:0:1: [sdb] 536870912 512-byte logical blocks: (275 GB/256 GiB) [ 3.107128] sd 0:0:0:1: [sdb] 4096-byte physical blocks [ 3.107290] sd 0:0:0:1: [sdb] Write Protect is off [ 3.107899] sd 0:0:0:1: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 3.114090] sd 0:0:0:1: [sdb] Attached SCSI disk
5. Displaying Storage Devices
To find messages related to storage devices detected by the kernel, such as hard disk drives (HDD) and solid-state drives (SSD), we can use the "grep" command to search for log messages containing the "sda" string.
It is worth noting that the "sda" string refers to the first SATA hard drive. "sdb" is the second drive, and so on.
The following example will perform a search for the first and second disk drives:
sudo dmesg | grep -E 'sda|sdb'
Sample output:
[ 0.680084] sd 0:0:0:0: [sda] 536870912 512-byte logical blocks: (275 GB/256 GiB) [ 0.680086] sd 0:0:0:0: [sda] 4096-byte physical blocks [ 0.680359] sd 0:0:0:0: [sda] Write Protect is off [ 0.680361] sd 0:0:0:0: [sda] Mode Sense: 0f 00 00 00 [ 0.680620] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 0.955997] EXT4-fs (sda): mounted filesystem with ordered data mode. Opts: discard,errors=remount-ro,data=ordered [ 1.119068] sd 0:0:0:0: [sda] Attached SCSI disk [ 2.782968] sd 0:0:0:1: [sdb] 536870912 512-byte logical blocks: (275 GB/256 GiB) [ 2.782971] sd 0:0:0:1: [sdb] 4096-byte physical blocks [ 2.783580] sd 0:0:0:1: [sdb] Write Protect is off [ 2.783584] sd 0:0:0:1: [sdb] Mode Sense: 0f 00 00 00 [ 2.784177] sd 0:0:0:1: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 2.791487] sd 0:0:0:1: [sdb] Attached SCSI disk [ 2.809542] EXT4-fs (sdb): mounted filesystem with ordered data mode. Opts: discard,errors=remount-ro,data=ordered
This output shows log messages related to the disk drives detected during the booting process.
6. Displaying USB Devices
The "grep" command can also be used to search for log messages related to detected USB devices, their configuration, and other events produced. The "-i" option is appended to ensure that a case-insensitive search is performed.
sudo dmesg | grep -i usb
Sample output:
[ 0.413599] usbserial: USB Serial support registered for cp210x [ 0.413607] usbcore: registered new interface driver ftdi_sio [ 0.413611] usbserial: USB Serial support registered for FTDI USB Serial Device [ 0.414314] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.10 [ 0.414317] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 0.414319] usb usb1: Product: USB/IP Virtual Host Controller [ 0.414321] usb usb1: Manufacturer: Linux 5.10.102.1-microsoft-standard-WSL2 vhci_hcd [ 0.414323] usb usb1: SerialNumber: vhci_hcd.0 [ 0.416030] usb usb2: We don't know the algorithms for LPM for this host, disabling LPM. [ 0.416567] usb usb2: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 5.10 [ 0.416569] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 0.416573] usb usb2: Product: USB/IP Virtual Host Controller [ 0.416577] usb usb2: Manufacturer: Linux 5.10.102.1-microsoft-standard-WSL2 vhci_hcd [ 0.416578] usb usb2: SerialNumber: vhci_hcd.0 [ 0.423924] usbcore: registered new interface driver usbhid [ 0.423925] usbhid: USB HID core driver
This output shows log messages related to USB devices and drivers detected by the kernel including information about the product id, manufacturer, and vendor id.
7. Displaying DMA-related Messages
Direct memory access (DMA) is a mechanism that allows data to be transferred directly between I/O devices and the main memory without involving the system processor.
The kernel stores DMA log messages, such as information about DMA channel allocation and deallocation, DMA transactions, and error events in the ring buffer. We can filter for DMA log messages when troubleshooting DMA issues by using:
sudo dmesg | grep -i dma
Sample output:
[ 0.001501] DMA [mem 0x0000000000001000-0x0000000000ffffff] [ 0.001503] DMA32 [mem 0x0000000001000000-0x00000000ffffffff] [ 0.001517] DMA zone: 59 pages used for memmap [ 0.001518] DMA zone: 22 pages reserved [ 0.001520] DMA zone: 3743 pages, LIFO batch:0 [ 0.001521] DMA32 zone: 16320 pages used for memmap [ 0.001522] DMA32 zone: 1011712 pages, LIFO batch:63 [ 0.001941] On node 0, zone DMA: 1 pages in unavailable ranges [ 0.001998] On node 0, zone DMA: 352 pages in unavailable ranges [ 0.355997] PCI-DMA: Using software bounce buffering for IO (SWIOTLB) [ 0.361267] Key type cifs.idmap registered
This output shows log messages about the DMA memory zones on the Linux system, including the memory usage and the status of the available memory.
8. Displaying Ethernet Adapter Messages
We can also filter the dmesg log output for messages related to a connected ethernet network adapter by specifying the network interface name. These messages might include information about the interface's initialization, warnings and errors, and updates about the network connection.
In the example below, we filter for log messages of events related to the 'eth0' network interface.
sudo dmesg | grep -i eth0
Sample output:
[ 5.871329] e1000e: Intel(R) PRO/1000 Network Driver - 3.2.6-k [ 5.871330] e1000e: Copyright(c) 1999 - 2015 Intel Corporation. [ 5.871376] e1000e 0000:00:19.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode [ 5.871638] e1000e 0000:00:19.0: irq 42 for MSI/MSI-X [ 5.871660] e1000e 0000:00:19.0: eth0: (PCI Express:2.5GT/s:Width x1) 00:11:22:33:44:55 [ 5.871662] e1000e 0000:00:19.0: eth0: Intel(R) PRO/1000 Network Connection [ 5.871726] e1000e 0000:00:19.0: eth0: MAC: 10, PHY: 11, PBA No: FFFFFF-0FF
These log messages show information about the configuration, MAC address, and other related details of the network interface.
9. Displaying the First and Last N Messages
The "dmesg | head -n" and "dmesg | tail -n" commands are used to display the first and last n log messages respectively, where n is the number of logs to be shown. In the example below, we're asking for the first 20 log messages.
sudo dmesg | head -20
Sample out:
[ 0.000000] Linux version 5.10.102.1-microsoft-standard-WSL2 (oe-user@oe-host) (x86_64-msft-linux-gcc (GCC) 9.3.0, GNU ld (GNU Binutils) 2.34.0.20200220) #1 SMP Wed Mar 2 00:30:59 UTC 2022 [ 0.000000] Command line: initrd=\initrd.img panic=-1 pty.legacy_count=0 nr_cpus=8 [ 0.000000] KERNEL supported cpus: [ 0.000000] Intel GenuineIntel [ 0.000000] AMD AuthenticAMD [ 0.000000] Centaur CentaurHauls [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x020: 'AVX-512 opmask' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x040: 'AVX-512 Hi256' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x080: 'AVX-512 ZMM_Hi256' [ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.000000] x86/fpu: xstate_offset[5]: 832, xstate_sizes[5]: 64 [ 0.000000] x86/fpu: xstate_offset[6]: 896, xstate_sizes[6]: 512 [ 0.000000] x86/fpu: xstate_offset[7]: 1408, xstate_sizes[7]: 1024 [ 0.000000] x86/fpu: Enabled xstate features 0xe7, context size is 2432 bytes, using 'compacted' format. [ 0.000000] BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009ffff] usable [ 0.000000] BIOS-e820: [mem 0x00000000000e0000-0x00000000000e0fff] reserved
This log output shows the first 20 log messages from the kernel buffer.
10. Clear dmesg Logs
To discard old log messages and free up the dmesg log buffer, the '-C' or '--clear' option can be used with the dmesg command. This is useful in situations where you want to view only recent log messages such as when reproducing a problem while troubleshooting.
It's worth noting that this action only erases the content of the dmesg log buffer as the logs in the kernel ring buffer can still be viewed using other commands.
Also, keep in mind that 'root' user or 'sudo' privileges are required to execute this command.
sudo dmesg -C
An alternative way of erasing the dmesg log buffer is via the '-c' or '--read-clear' option. This prints out the buffer content before clearing it.
sudo dmesg -c
Conclusion
The dmesg command is a handy tool for reviewing log messages stored by the kernel. It is useful for troubleshooting hardware problems and having a general understanding of what is happening behind the scenes in your Linux system.
To learn more about it, check the man page for dmesg, here or here.
It worth mentioning that dmesg is not the only way to check kernel logs. There are other gui utilities on linux that can display logs in realtime. KDE desktop has a gui tool called ksystemlog that reads and displays different log files in an easy to view gui interface. You can install it with the following command:
sudo apt install ksystemlog
