
Using the dmesg command
As a SysAdmin I frequently need to access the kernel log to obtain information of various types. This can range from searching for why a system service failed to start, to identifying the path to a device I just plugged in such as a USB thumb drive. I do the latter frequently when installing a live image of various Linux distributions or copying files for a sneakernet transfer of data.
The dmesg command has been around since the earliest days of Linux. It displays the messages generated by the Linux kernel during the initial boot process and beyond — but only for the most recent boot. I use it frequently for both of those scenarios and more.
The data stream for dmesg is maintained in a special FIFO buffer called the ring buffer. Although it’s not truly a ring, this type of buffer fills up from its beginning point in memory to the end, and then starts over at the beginning.
Let’s look at the dmesg data stream immediately after inserting a USB thumb drive. This shows the information I want, the name of the drive, and it’s device special file identifier, sdf. The times are monotonic meaning in seconds since the system startup. The IDs sdf1 through sdf3 are partitions on the storage device. The full path to this device is /dev/sdf.
# dmesg
<SNIP>
[519140.218076] usb 1-1: new high-speed USB device number 34 using xhci_hcd
[519140.341592] usb 1-1: New USB device found, idVendor=0781, idProduct=5530, bcdDevice= 2.00
[519140.341602] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[519140.341606] usb 1-1: Product: Cruzer
[519140.341609] usb 1-1: Manufacturer: SanDisk
[519140.341611] usb 1-1: SerialNumber: 2243001B525036CB
[519140.343513] usb-storage 1-1:1.0: USB Mass Storage device detected
[519140.346242] scsi host8: usb-storage 1-1:1.0
[519141.365345] scsi 8:0:0:0: Direct-Access SanDisk Cruzer 8.02 PQ: 0 ANSI: 0 CCS
[519141.365604] sd 8:0:0:0: Attached scsi generic sg8 type 0
[519141.366703] sd 8:0:0:0: [sdf] 7856127 512-byte logical blocks: (4.02 GB/3.75 GiB)
[519141.366819] sd 8:0:0:0: [sdf] Write Protect is off
[519141.366824] sd 8:0:0:0: [sdf] Mode Sense: 45 00 00 08
[519141.366938] sd 8:0:0:0: [sdf] No Caching mode page found
[519141.366942] sd 8:0:0:0: [sdf] Assuming drive cache: write through
[519141.382082] sdf: sdf1 sdf2 sdf3
[519141.382286] sd 8:0:0:0: [sdf] Attached SCSI removable disk
Now that I know the device special file for this device I can use it in a command to install a Live Fedora Linux image. Assuming the ISO image file is in the present working directory (PWD), the command looks like this
# dd if=Fedora-Xfce-Live-x86_64-41-1.4.iso of=/dev/sdf bs=4096
But what if you’ve inserted more than one USB storage device in the last few minutes and the one you need isn’t the last one? The -e option displays the date and time plus an offset for individual entries. This can be more helpful than the monotonic times.
# dmesg -e
[Jan21 09:24] usb 1-1: new high-speed USB device number 34 using xhci_hcd
[ +0.123516] usb 1-1: New USB device found, idVendor=0781, idProduct=5530, bcdDevice= 2.00
[ +0.000010] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ +0.000004] usb 1-1: Product: Cruzer
[ +0.000003] usb 1-1: Manufacturer: SanDisk
[ +0.000002] usb 1-1: SerialNumber: 2243001B525036CB
[ +0.001902] usb-storage 1-1:1.0: USB Mass Storage device detected
[ +0.002729] scsi host8: usb-storage 1-1:1.0
[ +1.019103] scsi 8:0:0:0: Direct-Access SanDisk Cruzer 8.02 PQ: 0 ANSI: 0 CCS
[ +0.000259] sd 8:0:0:0: Attached scsi generic sg8 type 0
[ +0.001099] sd 8:0:0:0: [sdf] 7856127 512-byte logical blocks: (4.02 GB/3.75 GiB)
[ +0.000116] sd 8:0:0:0: [sdf] Write Protect is off
[ +0.000005] sd 8:0:0:0: [sdf] Mode Sense: 45 00 00 08
[ +0.000114] sd 8:0:0:0: [sdf] No Caching mode page found
[ +0.000004] sd 8:0:0:0: [sdf] Assuming drive cache: write through
[ +0.015140] sdf: sdf1 sdf2 sdf3
[ +0.000204] sd 8:0:0:0: [sdf] Attached SCSI removable disk
The dmesg command has some additional interesting options. The -c (lowercase) option reads the data in the ring buffer but then clears it. The -C (uppercase) option clears the ring buffer without printing the data to the terminal. The -l (lowercase L) option allows you to set the level of messages to be printed, i.e., error, critical, alert, and warning.
Other options allow the SysAdmin to set the size of the buffer, specify time ranges to print, and to specify the time format.
Be sure to read the manual page for dmesg to discover the full extent of its features and capabilities.
The systemd journalctl command can also show the same data the dmesg command presents but it has fewer options available.
[root@testvm1 ~]# journalctl --dmesg
The default journalctl output is in a date and time format. The short-monotonic option displays the time since boot:
[root@testvm1 ~]# journalctl --dmesg -o short-monotonic