Mastering dmesg: View, Filter, and Control Linux Kernel Logs
This tutorial explains how the Linux kernel uses a circular buffer for log messages and shows how to use the dmesg command to display, format, filter, paginate, follow, and clear those logs, including permission handling and useful command‑line options.
Understanding dmesg and the Kernel Log Buffer
The Linux kernel stores log messages in a fixed‑size circular buffer that records events from the CPU, I/O devices, memory, and file systems. During boot and runtime, the kernel writes various messages to this buffer.
The dmesg utility reads and prints the contents of the kernel ring buffer, making it valuable for inspecting boot messages and debugging hardware‑related issues.
Basic dmesg Usage
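Running dmesg without options prints all buffered messages to standard output:
$ dmesg
By default any user can execute dmesg, but on some systems non‑root users may be blocked, producing an error like:
dmesg: read kernel buffer failed: Operation not permitted
To lift this restriction, set the kernel parameter kernel.dmesg_restrict to zero:
$ sudo sysctl -w kernel.dmesg_restrict=0
The restriction exists to keep kernel messages away from unprivileged users. With it enabled, root can still read the buffer (for example with sudo dmesg), and a value set with sysctl -w lasts only until the next reboot.
Paging and Coloring Output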
Because the output is often long, pipe it to a pager such as less or more:
$ dmesg --color=always | less
Use grep to filter messages, e.g., to show only USB‑related logs:
$ dmesg | grep -i usb
Reading from /proc/kmsg and Syslog Interaction
dmesg reads from the virtual file /proc/kmsg, which provides exclusive access to the kernel buffer. If a syslog daemon is running, reading /proc/kmsg directly (e.g., with cat or less) will block.
The syslog daemon copies kernel messages to /var/log/dmesg, which can also be examined:
$ cat /var/log/dmesg
Formatting dmesg Output
Common options for improving readability:
-H or --human: human‑readable output.
-T or --ctime: display timestamps as calendar dates.
$ dmesg -H
$ dmesg -T
Custom timestamp formats are available via --time-format <format>, where format can be ctime, reltime, delta, notime, or iso. Example:
$ dmesg --time-format=delta
Options can be combined, e.g.:
$ dmesg -H -T
Real‑time Monitoring
To follow new kernel messages as they appear, use the -w (or --follow) option:
$ dmesg --follow
Filtering by Facility and Level
Limit output to specific facilities with -f <list> (comma‑separated). Example showing only kernel and daemon messages:
$ dmesg -f kern,daemon
Limit output to certain severity levels with -l <list>. Example showing only error and critical messages:
$ dmesg -l err,crit
Supported levels are: emerg, alert, crit, err, warn, notice, info, debug.
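The facility and level that -f and -l filter on are packed into a single priority number, which dmesg -r (--raw) leaves as a <N> prefix on each line. The following added example, which is not part of the original article, decodes that prefix and filters by level; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the <priority> prefix that `dmesg -r` (raw) keeps
# on each line. Syslog encoding: priority = facility * 8 + level.

# Constructed sample lines, not captured from a real system.
sample_raw() {
cat <<'EOF'
<6>[    0.000000] Linux version 6.1.0 (constructed sample)
<4>[    1.204511] usb 1-1: device descriptor read/64, error -71
<3>[    2.118034] ata1.00: failed command: READ DMA
<2>[    3.500120] thermal: critical temperature reached
<30>[   10.002311] systemd[1]: Started constructed sample unit
<27>[   11.450980] sampled[412]: constructed daemon error
not a kernel record (no priority prefix)
EOF
}

# decode_levels LEVELS   (hypothetical helper name)
# Reads raw lines on stdin; LEVELS is a comma-separated list using the
# same level names as dmesg -l, e.g. "err,crit".
decode_levels() {
    awk -v want="$1" '
    BEGIN {
        split("emerg alert crit err warn notice info debug", lv, " ")
        split("kern user mail daemon auth syslog lpr news", fc, " ")
        n = split(want, w, ",")
        for (i = 1; i <= n; i++) keep[w[i]] = 1
    }
    match($0, /^<[0-9]+>/) {            # lines without a prefix are skipped
        prio  = substr($0, 2, RLENGTH - 2) + 0
        level = lv[prio % 8 + 1]        # low three bits: severity
        idx   = int(prio / 8) + 1       # remaining bits: facility
        fac   = (idx in fc) ? fc[idx] : ("fac" (idx - 1))
        if (level in keep)
            printf "%s.%s %s\n", fac, level, substr($0, RLENGTH + 1)
    }'
}

# Demo on the sample; on a live system: dmesg -r | decode_levels err,crit
sample_raw | decode_levels err,crit
```

dmesg -x (--decode) prints the same facility and level names natively; the script shows how they are derived from the number.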
Clearing the Ring Buffer
Root or sudo users can clear the buffer with -C (or --clear):
$ sudo dmesg -C
To read and then clear the buffer, use -c (or --read-clear):
$ sudo dmesg -c
To save the current log before clearing, redirect the output to a file:
$ dmesg > dmesg_messages
Conclusion
The dmesg command provides direct access to the kernel’s circular log buffer, making it indispensable for troubleshooting kernel or hardware problems. For a complete list of options, run man dmesg.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
