Remember the Linux Kernel and Device Drivers? They log like everything else. They also write their log messages to a special file and there’s a command dmesg that lets you see what’s in the file.
The special file has a name and it’s the ring buffer.
This doesn’t mean you have a ring in your computer. No hobbits are going to go on a quest to retrieve the one ring, sorry. Go watch The Lord of the Rings to see that ring.
Instead, the ring buffer is a way of storing the messages. Think of it like a pile of blocks.
We only want the pile of blocks to be four blocks high, so every time we add a block to the bottom, we must remove one of the blocks from the top. That’s how the ring buffer works. It only has a certain amount of information it can store so when that amount is reached, the oldest message in the ring buffer gets removed and the newest one is added.
Next question, what do the messages look like? Well, you can run the command dmesg and find out. Some systems have that command restricted because the people who run the system think it’s a security leak. It can be, if a device driver is complaining a lot a malicious person can take advantage of that.
I’m here to save the day, though, and show you what an output can look like:
___slab_alloc+0x37a/0x4a0 ? __es_insert_extent+0x84/0x2f0 ? ext4_ind_map_blocks+0x102/0xc70 ? ext4_ind_map_blocks+0x584/0xc70 __slab_alloc+0x27/0x40 ? __slab_alloc+0x27/0x40 ? __es_insert_extent+0x84/0x2f0 kmem_cache_alloc+0xd5/0x180 ? __es_insert_extent+0x84/0x2f0 ? __es_insert_extent+0x84/0x2f0 __es_insert_extent+0x84/0x2f0 ext4_es_insert_extent+0xbf/0x190 ext4_map_blocks+0x262/0x630 ? __add_to_page_cache_locked+0xb0/0x170 ext4_mpage_readpages+0x282/0xa20 ? __raw_callee_save___pv_queued_spin_unlock+0x9/0x10 ? queue_unplugged+0x33/0xa0 ? alloc_pages_current+0x58/0xb0 ext4_readpages+0x29/0x40 ? ext4_readpages+0x29/0x40 ? ext4_journalled_zero_new_buffers+0x110/0x110 __do_page_cache_readahead+0x131/0x1e0
That’s not very helpful, is it? It requires a lot of knowledge to understand the output of dmesg and it’s usually used when the person running the system notes a problem. When a system is restarted, the ring buffer is full of information about starting processes, so that can be useful then as well.