15

I would like to read my Centos 5.x dmesg with timestamp, how do I do this?

Lucas Kauffman
  • 16,818
  • 9
  • 57
  • 92
edotan
  • 1,786
  • 12
  • 37
  • 57

6 Answers6

11

dmesg reads the Kernel log ring buffer. It doesn't do timestamps. What you should do is configure syslog to grab the kernel logs from that buffer and send them to a file (if it isn't already set to do so). Note, default CentOS 5.x syslog config sends kernel logs to /var/log/messages, as I recall.

If you'd like to send all kernel (dmesg) logs to /var/log/kern.log, using the default syslog daemon, you'd add a line like the following to /etc/syslog.conf

kern.*                         /var/log/kern.log
Christopher Cashell
  • 8,999
  • 2
  • 31
  • 43
  • 4
    Thank you for the answer. For anyone looking that's running CentOS 6, I found it in `/etc/rsyslog.conf` – Safado Mar 30 '12 at 17:14
  • Yep, with CentOS (and RHEL) 6.x, they changed the default syslog daemon from the old sysklogd to rsyslog. It's available as a (supported) package for RHEL/CentOS 5.x, too. – Christopher Cashell Mar 30 '12 at 18:58
  • 1
    Well, I've had this on my list of things to figure out, but now you've saved me some googling – Safado Mar 30 '12 at 22:37
9

There is solution "Enabling Timestamps for dmesg/Kernel Ring Buffer"

You could add:

printk.time=1

to kernel cmdline.

As for me, I have added to rc.local on all machines with puppet. It's easier for me) :

if test -f /sys/module/printk/parameters/time; then
   echo 1 > /sys/module/printk/parameters/time
fi
Pavan Gupta
  • 103
  • 2
Alex Bozhenko
  • 91
  • 1
  • 2
  • that works for me – c4f4t0r Apr 28 '14 at 17:56
  • 6
    Using `rc.local` is really kind of an ugly solution for this (using `rc.local` is almost always an ugly solution to anything). A better solution would be to put `printk.time = 1` into `/etc/sysctl.conf` or a file in `/etc/sysctl.d/`. That's the reason these files exist. Cramming stuff into `rc.local` will eventually leave you with a fragile, convoluted, messy, unreliable start-up. – Christopher Cashell Jun 02 '14 at 22:56
  • This what is in comment from @ChristopherCashell is the only correct answer to this question. It's a shame it's not actual answer. – Petr Dec 21 '16 at 13:27
2

I've written this simple script. Yes, it's slow. If you want something faster you either actually write a script on perl, python or something else. I'm sure this simple script can give you the hang of how it can be calculated.

Please note I ignored the seconds fraction registered in each line (after the . in the timestamp).

#!/bin/bash
localtime() {
 perl -e "print(localtime($1).\"\n\");";
}

upnow="$(cut -f1 -d"." /proc/uptime)"
upmmt="$(( $(date +%s) - ${upnow} ))"

dmesg | while read line; do
 timestamp="$(echo "${line}" | sed "s/^\[ *\([0-9]\+\).*/\1/g")"
 timestamp=$(( ${timestamp} + ${upmmt} ))
 echo "${line}" | sed "s/^[^]]\+]\(.*\)/$(localtime "${timestamp}") -\1/g"
done

I hope it helps. :)

avenger
  • 21
  • 1
0

A little perl script as below. It's a general way, and I'm not the author. 

dmesg|perl -ne 'BEGIN{$a= time()- qx!cat /proc/uptime!};s/(\d+)\.\d+/localtime($1 + $a)/e; print $_;'
  • perl -n is a way to read standard input and read into variable $_.
  • The body (not the BEGIN section) is then run once for each line.
  • BEGIN runs the code in {} once.
  • $a is the start of dmesg since the epoch
  • The s/... command takes the value in $_ and substitutes the #####.###### part of the timestamp with the "localtime" version of the dmesg offset ( $1) added to the system start time ($a)
  • print $a prints the dmesg with the locale friendly time stamp substituted for the "seconds since boot" time stamp.
Cory Knutson
  • 1,866
  • 12
  • 20
Howard.TH
  • 31
  • 1
  • 1
    This answer needs some more explanation. – kasperd Aug 18 '15 at 06:16
  • @kasperd Here is what it means: - perl -n is a way to read standard input and read into variable $_. The body (not the BEGIN section) is then run once for each line. - BEGIN runs the code in {} once. $a is the start of dmesg since the epoch - The `s/...` command takes the value in $_ and substitutes the #####.###### part of the timestamp with the "localtime" version of the dmesg offset ( $1) added to the system start time ($a). - `print $a` prints the dmesg with the locale friendly time stamp substituted for the "seconds since boot" time stamp. – dadinck Mar 28 '16 at 18:52
0

Script modification in case line do not begin with a "["

#!/bin/bash
localtime() {
 perl -e "print(localtime($1).\"\n\");";
}

upnow=$(cut -f1 -d"." /proc/uptime)
upmmt=$(( $(date +%s) - ${upnow} ))

dmesg \
| while read LINE; do
    if [ "$(echo ${LINE} | egrep -v "^\[")" == "" ] ; then
        timestamp=$(echo "${LINE}" | sed "s/^\[ *\([0-9]\+\).*/\1/g")
        timestamp=$(( ${timestamp} + ${upmmt} ))
        echo "${LINE}" | sed "s/^[^]]\+]\(.*\)/$(localtime "${timestamp}") -\1/g"
    else
        echo "${LINE}"
    fi
done
MadHatter
  • 78,442
  • 20
  • 178
  • 229
M.D.A.
  • 1
0

This is an update on Plutoid's suggestion, removing the leading spaces from the timestamp.

dmesg|perl -ne 'BEGIN{$a= time()- qx!cat /proc/uptime!};s/( *)(\d+)\.\d+/localtime($2 + $a)/e; print $_;'
  • perl -n is a way to read standard input and read into variable $_.
  • The body (not the BEGIN section) is then run once for each line.
  • BEGIN runs the code in {} once.
  • $a is the start of dmesg since the epoch (seconds)
  • The s/... command takes the value in $_ and substitutes the \s*#####.###### part of the timestamp with the "localtime" version of the dmesg offset ( $1) added to the system start time ($a)
  • print $a prints the dmesg with the locale friendly time stamp substituted for the "seconds since boot" time stamp.
Luigi Bai
  • 1
  • 2
  • 1
    And like the original answer, it needs some explanation. Can you edit your post, break it down, and step through it? – Cory Knutson Jul 11 '17 at 20:46