The dmesg command in Linux: system kernel messages

Posted on by BlockmyIP | Category: Linux terminal commands

Introduction

In the world of Linux system administration, knowing the tools that allow inspecting kernel behavior is essential for diagnosing problems and optimizing performance. One of the most powerful and yet simple-to-use commands is dmesg, which displays the kernel ring buffer messages. These messages include information about hardware detection, driver initialization, boot events, and error warnings that occur during system execution. Through dmesg, administrators can obtain an immediate view of what is happening inside the kernel without needing to review extensive log files. In this article we will explore what dmesg is, how it works, its most useful options, and some practical examples to get the most out of it.

What is dmesg?

dmesg comes from ‘display message’ and its main function is to read the kernel’s circular buffer where printk messages generated by the kernel itself and loaded modules are stored. This buffer, known as klogbuf, has a limited size and is overwritten cyclically when it fills up, so older messages may be lost. The dmesg command accesses this buffer and presents it on standard output, allowing the user to filter, save, or analyze the information as needed. Although originally designed for debugging the kernel during boot, its usefulness extends to any moment when low-level events need to be inspected, such as USB device failures, memory problems, or security warnings.

How it works

The operation of dmesg is based on the pseudo‑file interface /dev/kmsg, which the kernel exposes for user-space processes to read log messages. When dmesg is invoked without arguments, the command performs a full read of the buffer and displays it on screen. The kernel tags each message with a priority level (from emergency to debug) following the syslog scheme, allowing tools like dmesg to filter by importance if desired. Moreover, the buffer resides in memory, so access is fast and does not involve disk operations, making dmesg a low‑overhead tool ideal for real‑time use.

Basic usage

The basic use of dmesg is as simple as typing the command in a terminal: $ dmesg. This will produce a list of all messages currently stored in the buffer, ordered from oldest to newest. To make the output more manageable, dmesg is often combined with pipes and tools such as less, grep, or head. For example, $ dmesg | less allows comfortable scrolling via the keyboard, while $ dmesg | grep -i ‘error’ shows only lines containing the word ‘error’ regardless of case. Another common practice is to save the log to a file for later analysis: $ dmesg > ~/dmesg_log.txt.

Useful options

  • -c: clears the buffer after reading it, useful when you want to avoid seeing the same messages again in the next run.
  • -n : sets the maximum message level to be displayed; for example, -n 1 shows only emergency and alert messages.
  • -T: shows timestamps in human‑readable format instead of seconds since boot.
  • –follow or -w: keeps the command open and displays new messages as they are generated, similar to tail -f.
  • –kernel: limits output to messages originating directly from the kernel, excluding those from modules.

Practical examples

  • To review the most recent boot messages: $ sudo dmesg | tail -20
  • Detect USB hardware problems: $ dmesg | grep -i usb
  • Monitor memory events in real time: $ sudo dmesg -w | grep -i ‘memory\\|oom’
  • Save a complete log with readable timestamps: $ dmesg -T > ~/dmesg_with_dates.txt
  • Filter only critical‑level messages: $ sudo dmesg -n 3

Interpreting the output

Interpreting dmes

This post is also available in ESPAÑOL.

Leave a Reply

Your email address will not be published. Required fields are marked *

Esta obra está bajo una Licencia Creative Commons Atribución 4.0 Internacional para Francesc Roig francesc@vivaldi.net .