virt-dmesg man page

virt-dmesg — Print kernel messages from a Linux virtual machine

Synopsis

virt-dmesg [--options] domname
virt-uname [--options] domname
virt-dmesg --dump-kernel domname | strings | less

Description

virt-dmesg prints the kernel messages from a running Linux virtual machine. It is like dmesg(1) except that it works on virtual machines instead of the host.

virt-dmesg requires memory snooping features only available in the QEMU and KVM hypervisors, and so at present it will only work for QEMU and KVM virtual machines. It may be possible to add support for other hypervisors in future.

virt-dmesg works by snooping the memory of the virtual machine, reading and downloading the kernel memory, and then using heuristics to find the kernel symbols. The advantage of this is that it should work for most Linux virtual machines, regardless of version and distro. The disadvantage is that heuristics are not guaranteed to be successful. For reliable access to many Linux kernel structures, including process tables and much more, please use the kdump, virsh dump and/or crash(8) utilities instead.

Usage for Getting Kernel Messages (Dmesg)

To display the kernel messages (dmesg), where Guest is the libvirt name of a running Linux virtual machine do:

virt-dmesg Guest

Usage for Getting Kernel Version (Uname, Utsname)

If virt-dmesg is invoked with the --uname option or if virt-uname is a hard link to the virt-dmesg program, then the program shows the system "utsname", the strings returned by the utsname(2) system call or the uname(1) program:

virt-uname Guest
virt-dmesg --uname Guest

Usage for Dumping Kernel

Instead of having virt-dmesg attempt to heuristically parse the kernel image, you can have virt-dmesg simply dump the kernel image to stdout. You can pass this to hexdump(1) or strings(1) to look for strings or other secrets in the kernel:

virt-dmesg --dump-kernel Guest | strings | less

A tip: to find the kernel messages, try searching for the following patterns:

^<5>.*Linux
^<[0-9]>

or for other strings that you suspect might be in the kernel output such as common initialization strings or error messages.

Options

--help
Display brief help.
-c URI
--connect URI
If using libvirt, connect to the given URI. If omitted, then we connect to the default libvirt hypervisor.
--dump-kernel
Dump the kernel to stdout. This prints lots of binary data, so it is best to pipe this through a program such as strings(1).
--uname
Print utsname strings (ie. kernel version) instead of kernel messages.

If virt-uname is a hard link to virt-dmesg, then this is the default.
-v
Enable verbose messages for debugging.
-V
--version
Display version number and exit.

Diagnostics

“cannot find kernel”

We can't find the kernel at any known address. We don't scan the whole of the guest memory, because that would take far too long. Instead we look in a small number of locations where Linux kernels are commonly found. If none of these locations appear to contain a kernel then you will see this error message.

Assuming that the guest really is running Linux, use the virt-dmesg -v option to see what addresses the program is checking.

Compare this to the contents of "/proc/kallsyms" or "/boot/config-*" inside the guest.

If the kernel is located at a completely different address, or if the address is correct but virt-dmesg does not appear to detect the kernel there, please file a bug (see "Reporting Bugs" below).

“could not find kernel log buffer in kernel image”

The kernel symbols ("log_buf", "log_buf_len", "log_end", "logged_chars") are not exported in "/proc/kallsyms" in the guest kernel.

Ask your Linux distributor to enable all of these kernel configuration options:

CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
CONFIG_KALLSYMS_EXTRA_PASS=y

See Also

dmesg(1), uname(1), crash(8), <http://libvirt.org/>.

Author

Richard W.M. Jones <http://people.redhat.com/~rjones/>

Reporting Bugs

You can see current bugs reported against virt-dmesg at the following URL:

https://bugzilla.redhat.com/buglist.cgi…

If the bug you are experiencing is not listed there, please file a new bug here:

https://bugzilla.redhat.com/enter_bug.c…

Give as much detail as possible. Include:

·
The version of virt-dmesg, libvirt and qemu/KVM.
·
How you obtained virt-dmesg (packaged in Fedora, compiled from source, etc.)
·
The version of the guest you are trying to inspect.

It's is also useful to have "/proc/kallsyms" and "/boot/config-*" from inside the guest.
·
The full output of virt-dmesg when you add the -v (debugging) option.

Referenced By

virt-uname(1) is an alias of virt-dmesg(1).

2011-05-25 virt-dmesg-0.3.0 Virtualization Support