Sometimes you need to to see kernel level events when you’re troubleshooting something. Maybe your system isn’t booting up properly and is dropping your into a shell in the initial ramdisk or some other recovery environment and you don’t have access to many tools. Maybe your fancy new hardware isn’t being recognized. Sometimes, you just need a better idea of what’s happening — dmesg command can help with that.
Linux is known for having some of the most amazing tools and command for managing your system. They range from simpler utilities that do one thing very well to full suites of programs that cover a large surface area of system management, but by far the most appealing are the tools that allow you to effectively troubleshoot your system without having to reference hexadecimal codes all the time.
One such tool is dmesg. The dmesg command is nothing fancy. It simply accesses a location in memory that is known as the kernel ring buffer. That’s just a fancy way of saying that it’s a buffer, a location in memory used for storing streams of data that operates in a ring-like or cyclical fashion. It means that once it reaches the end, it starts at the beginning, much like a clock. This portion of memory is used for recording kernel events such as changes in hardware.
Every time you plug a USB device into your computer, the kernel ring buffer will be updated with an event that corresponds.
Open up a terminal and type the below –
What you get isn’t very useful when troubleshooting, it simply dumps the entire thing to the terminal. You could try piping it into less, and that’s alright, but we can do better.
Using the -H flag we can tell dmesg that the output is for human eyes and it will be formatted nicely in a paginating tool for us to view it.
That’s much better for reading through.
But what if you’re troubleshooting something in real time? Well, there’s a flag for that as well.
Using the -w flag we can watch the output. You can go ahead and try this. Start dmesg as above and insert and remove a device. Anything like a USB drive or mouse will do.
You should start to see how this can be especially useful when troubleshooting hardware issues. You can see when and where issues came up, and, often, you get fairly detailed information about the different devices such as filesystem issues, model numbers, and driver information. If you suspect that a piece of hardware, like a drive, is failing in an inconsistent way, dmesg command can often help determine whether that is the case.
Using the -w flag, we can write a script that parses the output with a regular expression or other means in order to filter out events that we’re looking for over long time spans.
dmesg is a tool that all Linux users should get to know. It’s very easy to use and can save you a lot of time investigation a wide variety of issues.
