dmesg command

 Here's a comprehensive guide on the dmesg command, covering:

1. ✅ What is dmesg
   
   

2. 📘 Syntax
   
   

3. 🔧 Practical Examples
   
   

4. ⚠️ Edge Cases
   
   

5. 🧠 FAANG-level 20 Interview Questions with Answers
   
   

---

✅ What is dmesg?

• dmesg stands for "diagnostic message".
  
  

• It reads and displays the kernel ring buffer, showing boot-time messages, hardware errors, driver logs, and system events.
  
  

• Logs include:
  
  

• Device initialization (e.g., disk, USB, network)
  
  

• Kernel panics, oops
  
  

• Memory errors
  
  

• Module loading/unloading
  
  

• Driver issues
  
  

• Crash dump info
  
  

It's especially useful for debugging hardware-level issues.

---

📘 dmesg Syntax

dmesg [options]

Common Options:

Option	Description
-H	Human-readable, scrollable output (like less)
-T	Translate timestamps to readable time
-w	Live watch (like tail -f for kernel messages)
--level=level	Filter by log level (err, warn, info, etc.)
--facility=fac	Filter by facility (kernel, user, etc.)

---

🔧 Hands-On Examples

1. View All Kernel Messages

dmesg

2. Human-Readable Time

dmesg -T

3. Real-Time Logging

dmesg -w

4. Filter Only Errors

dmesg --level=err

5. Search USB Events

dmesg | grep -i usb

6. Boot Logs with Time

dmesg -T | less

7. Detect Disk Issues

dmesg | grep -i sda

---

⚠️ Edge Cases and Advanced Use

❗ 1. Messages are Cleared After Reboot

The kernel ring buffer is volatile. Logs are lost on reboot unless captured by journald or syslog.

❗ 2. Buffer Overflow

If there’s too much kernel activity, older messages get overwritten. Use:

dmesg --ctime | tail -n 1000 > backup.log

❗ 3. No Timestamps by Default

Use -T to show readable timestamps. Default format is epoch-based.

❗ 4. Not Color-Coded

Unlike journalctl, dmesg output is plain. Use filters or tools like ccze for color.

❗ 5. Non-root Behavior

Non-root users might not see full logs. Use sudo for full access:

sudo dmesg

❗ 6. audit or apparmor noise

Systems with AppArmor/SELinux/Audit may flood dmesg with permission logs.

---

🧠 FAANG-Level 20 dmesg Interview Questions

#	Question	Answer
1	What does dmesg show?	Kernel ring buffer: hardware, drivers, and kernel logs.
2	How can you monitor kernel logs in real-time?	dmesg -w
3	How to convert timestamps in dmesg to human-readable?	dmesg -T
4	How to find USB device plug/unplug logs?	`dmesg
5	When would dmesg not show full output?	Buffer overflow, reboot, or non-root user.
6	What's the difference between dmesg and journalctl -k?	journalctl -k reads persistent kernel logs; dmesg is non-persistent.
7	Can dmesg help in detecting hardware failures?	Yes, like disk I/O errors or memory faults.
8	How to debug module loading using dmesg?	Run modprobe module, then check dmesg.
9	What kernel subsystem logs appear in dmesg?	Networking, disk, memory, USB, drivers, modules, etc.
10	How to filter only critical or error logs?	dmesg --level=crit,err,alert
11	Can dmesg detect out-of-memory (OOM) killer activity?	Yes, look for oom-killer messages.
12	What’s a real-life example of dmesg helping debug a production issue?	Detecting failing disk (read error on sda), or faulty RAM.
13	Is dmesg persistent across reboots?	No. Use journalctl -k or save logs manually.
14	What does `dmesg	grep eth0` show?
15	How does dmesg help with boot-time issues?	Shows kernel logs during boot like initrd, driver init, etc.
16	Can dmesg be used in containers?	Limited view inside containers; host kernel logs needed.
17	How to capture dmesg logs periodically?	cron + dmesg -T > /var/log/dmesg_$(date).log
18	What are common logs seen for faulty USB?	usb X-X: device not accepting address, etc.
19	How to view messages related to I/O errors?	`dmesg
20	Can you clear dmesg output?	No direct way, but you can reload kernel buffer with reboot or manually via kernel module reloads (not recommended).

---

🧰 Bonus: Integrating with Other Tools

Tool	Usage with dmesg
journalctl	Persistent logs: journalctl -k
grep/awk	Filtering output: `dmesg
less/more	Paginate: `dmesg -T
logger	Send messages to syslog from scripts
watch	Periodic dmesg: `watch "dmesg

---