1. Overview
Linux adopts a ring buffer in kernel with a size of __LOG_BUF_LEN
bytes to store system logs, where __LOG_BUF_LEN
equals (1 << CONFIG_LOG_BUF_SHIFT
) (see kernel/printk.c
for details). Using a ring buffer implies that older messages get overwritten once the buffer fills up, but this is only a minor drawback compared to the robustness of this solution (i.e. minimum memory footprint, callable from every context, not many resources wasted if nobody reads the buffer, no filling up of disk space/ram when some kernel process goes wild and spams the buffer, …). Using a reasonably large buffer size should give you enough time to read your important messages before they are overwritten.
The kernel log buffer is accessible for reading from userspace by /proc/kmsg
. /proc/kmsg
behaves more or less like a FIFO and blocks until new messages appear. Please note, reading from /proc/kmsg
consumes the messages in the ring buffer so they may not be available for other programs. It is usually a good idea to let klogd
or syslog
do this job and read the content of the buffer via dmesg.
- See more at: http://www.bo-yang.net/2015/01/12/linux-system-log/#sthash.ezoikz4U.dpuf