difference between dmesg and /var/log/kern.log
Asked Answered
T

1

21

I am modifying the kvm module and I have added printk statements in the kernel code.After running the virtual machine, printk gives me the faulting address and other information about the guest OS.

I need to generate the statistic from this info.When I use dmesg i can only see faulting address in the kernel space i.e their address are above 0XC0000000.(faulting address are needed when VMEXIT happens i.e we switch from guest to host mode)

When I see the same statistics in kern.log I also get faulting address from the user space(below 0XC0000000). So it seems to me like dmesg has limited capacity , and the info given is a subset from kern.log.
My kern.log file is too big is it ok to erase old data from kern.log because text processing commands like grep,join,awk are taking to too long to run on the file.

My question are:
What is the difference between dmesg and kern.log?
How to reduce the kern.log file size as cron job?(erase all data added in past 24 hours)
Is there any better way to get printf kindof functionality from kernel?

Tragus answered 10/7, 2012 at 12:6 Comment(0)
N
16

/var/log/kern.log and his rotated logs (/var/log/kern.log.1 /var/log/kern.log.2....) contains the logs produced by the kernel and handled by syslog.

dmesg as explained by the man page is for :

dmesg is used to examine or control the kernel ring buffer.

In fact, it will display the last 16392 octets of /var/log/kern.log since last boot.

Night answered 10/7, 2012 at 12:33 Comment(3)
it is ok to erase the content .. of kern.log and kern.log.1 kern.log.1 is so large that vi takes 5mins to load it ... i cant process the file if they are so long .... I was thinking of doing cat /dev/null > kern.log and cat /dev/null > kern.log.1 ... Is it alright to erase log data??.Tragus
@Tragus yes you can erase those files but syslog will only keep the 5 last files itself.Quire
In my Ubuntu 16.04 the output of dmesg has almost no correlation with the last 16392 octets of /var/log/kern.log (which I obtained with tail -c 16392 ). Some (few) lines are similar but one has to account for differences in output format, fields shown, and it's not clear what kind of flags or awk post-processing would result in producing output that can be cleanly established to be the same using diff.Arceliaarceneaux

© 2022 - 2024 — McMap. All rights reserved.