4

dmesg我们可以知道特定设备已安装或卸载。

但我想知道设备是在什么时候安装或卸载的。

4

2 回答 2

3

解决方案1:

dmesg输出没有人类可读的日期时间信息

相反,dmesg您可以使用可用的内核日志,并根据需要对其进行过滤。

例如 Ubuntu,Debian 将内核日志存储在/var/log/kern.log

cat /var/log/kern.log | grep "usb"

它会给出类似的输出,

Apr 30 11:42:23 debian kernel: [ 1537.984584] usb 1-1.1: USB disconnect, device number 3
Apr 30 11:42:23 debian kernel: [ 1538.207012] usb 1-1.1: new low-speed USB device number 5 using ehci_hcd
Apr 30 11:42:29 debian kernel: [ 1543.409629] usb 1-1.1: new low-speed USB device number 6 using ehci_hcd
Apr 30 11:42:29 debian kernel: [ 1543.504880] usb 1-1.1: New USB device found, idVendor=04f3, idProduct=0235
Apr 30 11:42:29 debian kernel: [ 1543.504885] usb 1-1.1: New USB device strings: Mfr=0, Product=2, SerialNumber=0
Apr 30 11:42:29 debian kernel: [ 1543.504888] usb 1-1.1: Product: OM

解决方案2:

我找到了一个将dmesg日期时间转换为人类可读的 perl 脚本。

试试看,

#!/usr/bin/perl

use strict;
use warnings;

my @dmesg_new = ();
my $dmesg = "/bin/dmesg";
my @dmesg_old = `$dmesg`;
my $now = time();
my $uptime = `cat /proc/uptime | cut -d"." -f1`;
my $t_now = $now - $uptime;

sub format_time {
 my @time = localtime $_[0];
 $time[4]+=1;    # Adjust Month
 $time[5]+=1900;    # Adjust Year
 return sprintf '%4i-%02i-%02i %02i:%02i:%02i', @time[reverse 0..5];
}

foreach my $line ( @dmesg_old )
{
 chomp( $line );
 if( $line =~ m/\[\s*(\d+)\.(\d+)\](.*)/i )
 {
 # now - uptime + sekunden
 my $t_time = format_time( $t_now + $1 );
 push( @dmesg_new , "[$t_time] $3" );
 }
}

print join( "\n", @dmesg_new );
print "\n";

保存并应用执行权限。

$chmod a+x script.pl
$./script.pl

[样本输出:]

[2014-04-30 11:17:27]  eth0: no IPv6 routers present
[2014-04-30 11:42:18]  hub 1-1:1.0: port 1 disabled by hub (EMI?), re-enabling...
[2014-04-30 11:42:18]  usb 1-1.1: USB disconnect, device number 3
[2014-04-30 11:42:19]  usb 1-1.1: new low-speed USB device number 5 using ehci_hcd
[2014-04-30 11:42:24]  hub 1-1:1.0: unable to enumerate USB device on port 1
[2014-04-30 11:42:24]  usb 1-1.1: new low-speed USB device number 6 using ehci_hcd
[2014-04-30 11:42:24]  usb 1-1.1: New USB device found, idVendor=04f3, idProduct=0235
[2014-04-30 11:42:24]  usb 1-1.1: New USB device strings: Mfr=0, Product=2, SerialNumber=0
[2014-04-30 11:42:24]  usb 1-1.1: Product: OM
[2014-04-30 11:42:24]  input: OM as /devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.1/1-1.1:1.0/input/input11
[2014-04-30 11:42:24]  generic-usb 0003:04F3:0235.0004: input,hidraw0: USB HID v1.11 Mouse [OM] on usb-0000:00:1a.0-1.1/input0

解决方案 3: 如果您的发行版支持-T选项dmesg

试试dmesg -T。对我来说,它适用于 Debian,它也应该适用于你在 Ubuntu 上。它为输出启用时间戳。

[来自手册页]

   -T, --ctime
          Print human readable timestamps. The timestamp could be inaccurate!

          The time source used for the logs is not updated after system SUSPEND/RESUME.
于 2014-04-30T07:49:29.847 回答
1

在 linux/var/log目录中包含各种日志详细信息。我们还可以从此目录获取以前日志的历史记录。内核压缩以前的日志详细信息。如果是你的,你必须打开kern.log. 但是如果你正在寻找不在的细节kern.log,你可以看到kern.log.1或者如果你对非常古老的细节感兴趣,你必须解压缩kern.log.2.gz

于 2015-01-19T13:30:06.870 回答