When the Linux kernel is booting, initially there is no system logging facility, and that means that kernel messages could potentially be lost. The kernel solves this problem by writing those initial messages to the kernel ring buffer. A ring buffer is a fixed size area of memory that works on a “First In, First Out” (“FIFO”) basis. In other words, once the buffer is full, the next message will overwrite the oldest.
Under systemd
Once the system logger is available, it will log any kernel messages in a similar way to other log messages. Before the advent of systemd, those messages were typically written to /var/log/dmesg, but systemd will handle them using journalctl.
To look at the boot time kernel messages under systemd, use the journalctl command:
# journalctl -k
When examining the kernel messages using journalctl, all the usual facilities (filtering, paging, formatting, etc) are available.
dmesg
Regardless of whether systemd is being used, the kernel ring buffer may be examined with the dmesg command:
# dmesg | tail [45577.139900] sd 3:0:0:0: Attached scsi generic sg1 type 0 [45577.576651] sd 3:0:0:0: [sdb] 7831552 512-byte logical blocks: (4.01 GB/3.73 GiB) [45577.576921] sd 3:0:0:0: [sdb] Write Protect is off [45577.576930] sd 3:0:0:0: [sdb] Mode Sense: 23 00 00 00 [45577.577188] sd 3:0:0:0: [sdb] No Caching mode page found [45577.577203] sd 3:0:0:0: [sdb] Assuming drive cache: write through [45577.579508] sdb: sdb1 [45577.583479] sd 3:0:0:0: [sdb] Attached SCSI removable disk [45635.251131] usb 1-4.2: USB disconnect, device number 9
The number at the start of the line is the number of seconds since the system booted: interesting, maybe, but not particularly helpful. The -T switch to dmesg seems to be relatively unknown, but it changes the timestamp to the local time (long lines trimmed for readability here):
# dmesg -T | tail [Thu Feb 2 08:56:03 2017] sd 3:0:0:0: Attached scsi generic [...] [Thu Feb 2 08:56:03 2017] sd 3:0:0:0: [sdb] 7831552 [...] [Thu Feb 2 08:56:03 2017] sd 3:0:0:0: [sdb] Write [...] [Thu Feb 2 08:56:03 2017] sd 3:0:0:0: [sdb] Mode Sense [...] [Thu Feb 2 08:56:03 2017] sd 3:0:0:0: [sdb] No Caching [...] [Thu Feb 2 08:56:03 2017] sd 3:0:0:0: [sdb] Assuming drive [...] [Thu Feb 2 08:56:03 2017] sdb: sdb1 [Thu Feb 2 08:56:03 2017] sd 3:0:0:0: [sdb] Attached [...] [Thu Feb 2 08:57:01 2017] usb 1-4.2: USB disconnect [...]
Making dmesg More Readable
There is a -H (“human”) switch to dmesg that adds more readable date and time information as well as adding colour to the output and paging it, but the date/time format that it uses by default is unusual:
# dmesg -H [Dec18 07:01] usb 2-3.3: new full-speed USB device number 30 using xhci_hcd [ +0.101780] usb 2-3.3: New USB device found, idVendor=1050, idProduct=0407 [ +0.000005] usb 2-3.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ +0.000004] usb 2-3.3: Product: Yubikey 4 OTP+U2F+CCID
That can be changed by specifying the time format:
# dmesg -H --time-format ctime Mon Dec 18 07:01:40 2017] usb 2-3.3: new full-speed USB device number 30 using xhci_hcd [Mon Dec 18 07:01:40 2017] usb 2-3.3: New USB device found, idVendor=1050, idProduct=0407 [Mon Dec 18 07:01:40 2017] usb 2-3.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [Mon Dec 18 07:01:40 2017] usb 2-3.3: Product: Yubikey 4 OTP+U2F+CCID
Personally, I prefer using less to manage the paging, -T to handle the formatting, and with some care we can preserve the coloured output, too:
# dmesg -T --color=always|less -R
Bonus Tip
The more recent versions of dmesg support a -w switch that prints the kernel ring buffer and then waits. When more data is written to the ring buffer, it’s printed on the screen in a similar way to how tail -f works. That switch appears to be quite a well-kept secret, too.
Try this:
# dmesg -Tw
Was This Linux Tip Helpful?
Let us know in the comments below.