Search Our Database

How to Review Boot Logs and Kernel Messages Using dmesg

Last updated on |
under
Performance & Optimisation, Linux, System
|
by

Introduction

The dmesg (diagnostic message) command is a vital utility in Unix-like operating systems, particularly Linux, that outputs kernel ring buffer messages. These messages are generated by the kernel and include detailed information about hardware initialization, driver loading, and error events during the boot process. Reviewingdmesg logs can be instrumental for system administrators, developers, and support technicians who need to diagnose boot-related issues, hardware malfunctions, or driver incompatibilities.

dmesg is particularly useful immediately after booting a system or when dealing with low-level system issues. It provides insight into how the Linux kernel interacts with system hardware components such as memory, CPUs, USB devices, storage controllers, and network interfaces. It can also reveal critical errors and warnings that are not logged elsewhere.

This tool is applicable across a wide variety of environments—from bare-metal servers to virtual machines and embedded systems. In containerized environments, access to dmesg may be limited due to restricted kernel access, but it remains a core tool on the host system.

The significance of dmesg lies in its ability to give an immediate snapshot of kernel activities, which complements or supplements system logs found in files like /var/log/syslog or /var/log/messages. It is especially useful for:

  • Diagnosing failed hardware detection during boot.
  • Investigating kernel panic or crash issues.
  • Monitoring USB and peripheral device connections.
  • Reviewing changes after driver updates or kernel upgrades.

Despite its power, dmesg does not timestamp messages by default and its buffer can be overwritten over time. These challenges can be mitigated by using flags and combining dmesg with other logging tools or system journal utilities like journalctl.

This guide walks through the prerequisites and step-by-step usage of dmesg for reviewing boot logs and kernel messages, including filtering, timestamping, and interpreting output efficiently.

Prerequisites

  • A Linux-based operating system (tested with Ubuntu 22.04, CentOS 7, Debian 12)
  • A user account with root or sudo privileges
  • dmesg installed (part of the util-linux package, which is usually pre-installed)
  • Access to the system’s terminal or SSH

 

Step-by-step Guide

Step 1: View All Kernel Messages

To view the complete list of kernel messages currently in the buffer, run:

dmesg

This displays messages in the order they were generated. The output typically includes hardware initialization logs, memory checks, and device driver events.

 

Step 2: Add Human-Readable Timestamps

By default, dmesg shows timestamps in seconds since boot. Use the -T flag to convert them to real time:

dmesg -T
🖊️ Tip: Human-readable timestamps make it easier to correlate kernel events with system logs in /var/log.

 

Step 3: Filter Messages by Keyword

To locate specific messages (e.g., related to USB), pipe the output through grep:

dmesg | grep usb

Replace usb with relevant keywords like eth0, sda, or firewall.

 

Step 4: Review Messages Related to Boot Time Events

Use the following command to isolate messages generated during the boot process:

dmesg --level=emerg,alert,crit,err,warn

This limits the output to high-priority messages that might indicate failures or misconfigurations during boot.

 

Step 5: Use dmesg with journalctl (Systemd Systems Only)

On systems using systemd, journalctl offers persistent and timestamped kernel logs:

journalctl -k
🖊️ Tip: Use journalctl -k -b to view messages from the current boot only.

 

Step 6: Export Logs for Analysis or Support

To save the kernel log to a text file for review or sending to support:

dmesg -T > dmesg-output.txt
🖊️ Tip: Always capture logs immediately after an issue occurs, before the buffer gets overwritten by newer kernel events.

 

Conclusion

The dmesg command is a powerful diagnostic utility that provides immediate access to kernel and boot-related messages. It plays a crucial role in identifying and troubleshooting system hardware, drivers, and initialization events. Through filters, timestamping, and integration with tools like journalctl, users can fine-tune how logs are interpreted and acted upon. Proper use of dmesg helps reduce downtime and ensures more efficient root cause analysis of system issues.

Should you have any inquiries about the guidelines, please feel free to open a ticket through your portal account or contact us at support@ipserverone.com. We’ll be happy to assist you further.

Related Article

Related Posts