---
title: Monitoring soft deletes
description: The server provides monitoring entries and logs to track all soft delete operations. The access and debug logs do not have any options specific for soft deletes.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectory_server_administration_guide:pd_ds_monitor_soft_deletes
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_server_administration_guide/pd_ds_monitor_soft_deletes.html
revdate: September 13, 2023
page_aliases: ["pd_ds_monitor_soft_deletes_steps.adoc", "pd_ds_new_monitor_entries.adoc", "pd_ds_access_logs.adoc", "pd_ds_config_file_based_audit_log_soft_deletes.adoc", "pd_ds_audit_logs.adoc", "pd_ds_config_soft_deletes_changelog_backend.adoc", "pd_ds_changelog.adoc"]
section_ids:
  new-monitor-entries: New monitor entries
  monitoring-soft-deletes: Monitoring soft deletes
  steps: Steps
  example: Example:
  result: Result:
  access-logs: Access logs
  audit-logs: Audit logs
  configuring-the-file-based-audit-log-for-soft-deletes: Configuring the file-based audit log for soft deletes
  steps-2: Steps
  example-2: Example:
  example-3: Example:
  changelog: Changelog
  configuring-soft-deletes-on-the-changelog-backend: Configuring soft deletes on the changelog backend
  steps-3: Steps
  result-2: Result:
---

# Monitoring soft deletes

The server provides monitoring entries and logs to track all soft delete operations. The access and debug logs do not have any options specific for soft deletes.

## New monitor entries

Two new monitor entries are present for a backend monitor entry.

Administrators see the following additional monitor entries on `cn=userRoot Backend,cn=monitor`:

* `ds-soft-delete-entry-operations-count`

  Displays the number of soft deletes performed on the backend since server startup.

* `ds-undelete-operations-count`

  Displays the number of undeletes performed on the backend since server startup.

* `ds-backend-soft-deleted-entry-count`

  Displays the current number of soft-deleted entries in the database.

* `ds-auto-purged-soft-deleted-entry-count`

  Displays the number of soft-deleted entries automatically purged since the backend or server was last restarted.

### Monitoring soft deletes

Monitor soft deletes using the `ldapsearch` command.

#### Steps

* Run `ldapsearch` on the `cn=userRoot Backend,cn=monitor` branch using search criteria that target the `ds-backend-monitor-entry` object class.

  ##### Example:

  ```shell
  $ bin/ldapsearch --baseDN "cn=userRoot Backend,cn=monitor" \
    --searchScope sub "(objectclass=ds-backend-monitor-entry)"
  ```

  ##### Result:

  ```
  dn: cn=userRoot Backend,cn=monitor
  objectClass: top
  objectClass: ds-monitor-entry
  objectClass: ds-backend-monitor-entry
  objectClass: extensibleObject
  cn: userRoot Backend
  ds-backend-id: userRoot
  ds-backend-base-dn: dc=example,dc=com
  ds-backend-is-private: FALSE
  ds-backend-entry-count: 200001
  ds-backend-soft-deleted-entry-count: 1000
  ds-soft-delete-operations-count: 40
  ds-undelete-operations-count: 20
  ds-auto-purged-soft-deleted-entry-count: 0
  ds-base-dn-entry-count: 200001 dc=example,dc=com
  ds-backend-writability-mode: enabled
  ```
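
The operation counters in this result restart from zero at server startup, so an alert on them has to work on the difference between two polls. The following is an added example, not part of the product documentation: it parses the LDIF returned by the search above and reports per-interval soft-delete activity, treating a counter that moves backwards as a restart. It uses the attribute names shown in the result (`ds-soft-delete-operations-count`, where the list earlier on this page has `ds-soft-delete-entry-operations-count`); the function names and the second and third polls are assumptions made for the example.

```python
# Soft-delete attributes as named in the ldapsearch result on this page.
COUNTERS = (                                   # cumulative since server startup
    "ds-soft-delete-operations-count",
    "ds-undelete-operations-count",
    "ds-auto-purged-soft-deleted-entry-count",
)
GAUGE = "ds-backend-soft-deleted-entry-count"  # soft-deleted entries right now


def parse_monitor_entry(ldif_text):
    """Return {attribute: int} for the integer-valued attributes of a monitor entry."""
    values = {}
    for line in ldif_text.splitlines():
        name, sep, value = line.strip().partition(": ")
        if sep and value.isdigit():
            values[name] = int(value)
    return values


def soft_delete_activity(previous, current):
    """Activity between two polls; a counter going backwards means a restart."""
    restarted = any(current.get(c, 0) < previous.get(c, 0) for c in COUNTERS)
    report = {"restarted": restarted}
    for counter in COUNTERS:
        baseline = 0 if restarted else previous.get(counter, 0)
        report[counter] = current.get(counter, 0) - baseline
    report["soft-deleted-now"] = current.get(GAUGE, 0)
    report["soft-deleted-change"] = current.get(GAUGE, 0) - previous.get(GAUGE, 0)
    return report


# Constructed polls: FIRST uses the values from the result on this page;
# LATER and AFTER_RESTART are invented for the example.
FIRST = parse_monitor_entry("""\
ds-backend-entry-count: 200001
ds-backend-soft-deleted-entry-count: 1000
ds-soft-delete-operations-count: 40
ds-undelete-operations-count: 20
ds-auto-purged-soft-deleted-entry-count: 0
ds-base-dn-entry-count: 200001 dc=example,dc=com
""")
LATER = {**FIRST, GAUGE: 1350, COUNTERS[0]: 400, COUNTERS[1]: 30}
AFTER_RESTART = {**FIRST, GAUGE: 1355, COUNTERS[0]: 5, COUNTERS[1]: 0}
```

A restart between polls that is followed by more operations than the previous poll recorded cannot be detected from these counters alone.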

## Access logs

The access log records the `DELETE`, `SEARCH`, `MODIFY`, and `ADD` operations that correspond to soft deletes and undeletes, together with the related soft-delete values.

The access log does not require any configuration for soft delete.

* `DELETE` (soft-delete) operations

  The access log displays the following.

  ```
  [14/May/2012:09:40:16.942 -0500] DELETE RESULT conn=18 op=1 msgID=2
  dn="uid=user.1,ou=People,dc=example,dc=com" resultCode=0 etime=30.367
  softDeleteEntryDN="entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com"
  ```

* `SEARCH` operations for soft-deleted entries

  The access log displays the following.

  ```
  [14/May/2012:09:40:52.320 -0500] SEARCH RESULT conn=19 op=1 msgID=2
  base="dc=example,dc=com" scope=2 filter="(objectclass=ds-soft-delete-entry)"
  attrs="ALL" resultCode=0 etime=1.631 entriesReturned=1
  ```

* `MODIFY` operations of soft-deleted entries

  The access log displays the following.

  ```
  [14/May/2012:09:42:43.679 -0500] MODIFY RESULT conn=20 op=1 msgID=1
  dn="entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com"
  resultCode=0 etime=2.639 changeToSoftDeletedEntry=true
  ```

* `ADD` (soft-undelete) operations

  The access log displays the following.

  ```
  [14/May/2012:09:58:16.728 -0500] ADD RESULT conn=25 op=1 msgID=1
  dn="uid=user.0,ou=People,dc=example,dc=com" resultCode=0 etime=22.700
  undeleteFromDN="entryUUID=ad55a34a-763f-358f-93f9-da86f9ecd9e4+uid=user.0,ou=People,dc=example,dc=com"
  ```
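
The fields shown above (`softDeleteEntryDN`, `undeleteFromDN`, `changeToSoftDeletedEntry`, and a search filter on `ds-soft-delete-entry`) are enough to pick soft-delete activity out of an access log. The following is an added example, not part of the product documentation: it classifies each `RESULT` message and lists the soft-deleted DNs that were created in the log and not undeleted afterwards. The function names are assumptions, the sample is this page's four messages written one per line, and skipping messages whose `resultCode` is not 0 is a choice made for the example.

```python
import re

HEADER = re.compile(r"^\[(?P<time>[^\]]+)\] (?P<operation>[A-Z]+) RESULT ")
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare

def parse_result(line):
    """Parse one access log RESULT message into a dict, or None if it is not one."""
    head = HEADER.match(line)
    if head is None:
        return None
    record = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    record.update(time=head["time"], operation=head["operation"])
    return record

def classify(record):
    """Name the soft-delete activity a RESULT record represents, if any."""
    operation = record["operation"]
    if operation == "DELETE" and "softDeleteEntryDN" in record:
        return "soft-delete"
    if operation == "ADD" and "undeleteFromDN" in record:
        return "undelete"
    if operation == "MODIFY" and record.get("changeToSoftDeletedEntry") == "true":
        return "modify-soft-deleted"
    if operation == "SEARCH" and "ds-soft-delete-entry" in record.get("filter", "").lower():
        return "search-soft-deleted"
    return None

def outstanding_soft_deletes(lines):
    """Map each soft-deleted DN created in the log and not undeleted later to its time."""
    pending = {}
    for line in lines:
        record = parse_result(line)
        if record is None or record.get("resultCode") != "0":
            continue
        kind = classify(record)
        if kind == "soft-delete":
            pending[record["softDeleteEntryDN"].lower()] = record["time"]
        elif kind == "undelete":
            pending.pop(record["undeleteFromDN"].lower(), None)
    return pending

# Sample: the four messages shown on this page, each rejoined onto one line.
SAMPLE = """\
[14/May/2012:09:40:16.942 -0500] DELETE RESULT conn=18 op=1 msgID=2 dn="uid=user.1,ou=People,dc=example,dc=com" resultCode=0 etime=30.367 softDeleteEntryDN="entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com"
[14/May/2012:09:40:52.320 -0500] SEARCH RESULT conn=19 op=1 msgID=2 base="dc=example,dc=com" scope=2 filter="(objectclass=ds-soft-delete-entry)" attrs="ALL" resultCode=0 etime=1.631 entriesReturned=1
[14/May/2012:09:42:43.679 -0500] MODIFY RESULT conn=20 op=1 msgID=1 dn="entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com" resultCode=0 etime=2.639 changeToSoftDeletedEntry=true
[14/May/2012:09:58:16.728 -0500] ADD RESULT conn=25 op=1 msgID=1 dn="uid=user.0,ou=People,dc=example,dc=com" resultCode=0 etime=22.700 undeleteFromDN="entryUUID=ad55a34a-763f-358f-93f9-da86f9ecd9e4+uid=user.0,ou=People,dc=example,dc=com"
""".splitlines()
```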

## Audit logs

The audit log captures any `MODIFY` and `DELETE` operations of soft-deleted entries.

These changes are recorded as fully commented-out audit log entries. The audit log does not require any configuration for soft deletes.

For any soft-deleted entry, the audit log entry displays the `ds-soft-delete-entry-dn` property and its soft-deleted entry distinguished name (DN).

```
# 14/May/2012:10:57:09.054 -0500; conn=30; op=1
# ds-soft-delete-entry-dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
dn: uid=user.2,ou=People,dc=example,dc=com
changetype: delete
```

For any `MODIFY` changes made, the log displays the LDIF, the modifier's name, and update time.

```
# 14/May/2012:10:58:33.566 -0500; conn=33; op=1
# dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
# changetype: modify
# replace: homePhone
# homePhone: +1 003 428 0966
#-
# replace: modifiersName
# modifiersName: uid=admin,dc=example,dc=com
#-
# replace: modifyTimestamp
# modifyTimestamp: 20131010020345.546Z
```

For any undelete of a soft-deleted entry, the log displays the `ds-undelete-from-dn` attribute plus the entry unique ID, create time, and creator's name.

```
# 14/May/2012:10:59:21.754 -0500; conn=34; op=1
dn: uid=user.2,ou=People,dc=example,dc=com
changetype: add
uid: user.2
ds-undelete-from-dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
ds-entry-unique-id:: vw1jg801S7GWrTiS3UE5DA==
createTimestamp:: 20131010181148.630Z
creatorsName: uid=admin,dc=example,dc=com
```

For hard (permanent) deletes of a soft-deleted entry, the log displays the soft-deleted entry DN that was removed.

```
# 14/May/2012:11:00:14.055 -0500; conn=36; op=1
# dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
# changetype: delete
```
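
Because `MODIFY` and hard `DELETE` operations on soft-deleted entries are written as fully commented-out records, a tool that reads the audit log as plain LDIF skips them, and sees a soft delete as an ordinary delete. The following is an added example, not part of the product documentation: it parses audit records with and without uncommenting so the difference is visible. The function names are assumptions, records are assumed to be separated by one blank line, and the sample is built from the records on this page with the `MODIFY` shortened.

```python
def parse_audit_log(text, uncomment=True):
    """Parse audit records; uncomment=False skips '#' lines like an LDIF reader."""
    records = []
    for block in text.strip().split("\n\n"):
        header, *body = block.splitlines()
        if not (header.startswith("# ") and "; conn=" in header):
            continue
        record = {"time": header[2:].split(";")[0], "commented": True}
        for line in body:
            if line.startswith("#") and not uncomment:
                continue                      # comment: invisible to LDIF tools
            record["commented"] &= line.startswith("#")
            name, sep, value = line.lstrip("# ").partition(":")
            if sep:
                record.setdefault(name.lower(), value.lstrip(": "))
        if uncomment or not record["commented"]:
            records.append(record)
    return records


def classify(record):
    """Name the soft-delete activity an audit record represents."""
    change = record.get("changetype")
    if change == "delete" and "ds-soft-delete-entry-dn" in record:
        return "soft-delete"
    if change == "add" and "ds-undelete-from-dn" in record:
        return "undelete"
    if record["commented"] and change in ("modify", "delete"):
        return change + "-of-soft-deleted-entry"
    return "regular"


# Sample built from this page's records: wrapped DNs rejoined, MODIFY shortened.
SOFT_DN = "entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com"
SAMPLE = f"""\
# 14/May/2012:10:57:09.054 -0500; conn=30; op=1
# ds-soft-delete-entry-dn: {SOFT_DN}
dn: uid=user.2,ou=People,dc=example,dc=com
changetype: delete

# 14/May/2012:10:58:33.566 -0500; conn=33; op=1
# dn: {SOFT_DN}
# changetype: modify
# replace: homePhone

# 14/May/2012:11:00:14.055 -0500; conn=36; op=1
# dn: {SOFT_DN}
# changetype: delete
"""
```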

### Configuring the file-based audit log for soft deletes

Configure the file-based audit log for soft deletes.

#### Steps

1. Enable the audit log if it is disabled.

   ##### Example:

   ```shell
   $ bin/dsconfig set-log-publisher-prop --publisher-name "File-Based Audit Logger" \
   --set enabled:true
   ```

2. View the audit log.

   The `soft-delete-entry-audit-behavior` property is set to `commented` by default and provides additional information in comments about the soft-deleted entry that was either created or undeleted.

   ##### Example:

   ```
   # 11/May/2012:15:33:17.552 -0500; conn=13; op=1
   # ds-soft-delete-entry-dn:entryUUID=54716bfd-fbc4-3108-ac37-bf6b1b166e37+uid=user.15,ou=People,dc=example,dc=com
   dn: uid=user.15,ou=People,dc=example,dc=com
   changetype: delete
   ```

## Changelog

You can configure the changelog to capture soft-delete changes to entries so that external clients, such as PingDataSync Server, can access these changes.

The `ds-soft-delete-entry` attribute represents an entry that has been soft-deleted and is part of the source entry passed into the changelog to indicate the entry has been soft-deleted.

All soft-delete operations appear in the changelog as regular DELETE operations. When a soft delete occurs, the resulting changelog entry includes a `ds-soft-delete-entry-dn` operational attribute with the value of the soft-deleted entry DN. PingDataSync Server recognizes the `ds-soft-delete-entry-dn` attribute and does nothing with it.

The changelog backend `soft-delete-entry-included-operation` property determines whether MODIFY or DELETE operations of soft-deleted entries appear in the changelog. This property is disabled by default.

### Configuring soft deletes on the changelog backend

#### Steps

1. To configure soft deletes on the changelog backend, run the following.

   ```shell
   $ bin/dsconfig set-backend-prop \
   --backend-name changelog \
   --set soft-delete-entry-included-operation:delete \
   --set soft-delete-entry-included-operation:modify
   ```

2. Run a soft-delete operation on an entry.

3. To review the changelog for the soft-deleted entry, run the following.

   ```shell
   $ bin/ldapsearch --baseDN cn=changelog \
     "(objectclass=*)" "+"
   ```

   ##### Result:

   ```
   dn: cn=changelog
   subschemaSubentry: cn=schema
   entryUUID: 9920f7e9-5a04-392a-82a8-32662d7d3863
   ds-entry-checksum: 304022441

   dn: changeNumber=1,cn=changelog
   targetUniqueId: 94f634df-c90e-39aa-bd4a-9183c29746d0
   changeTime: 20120511154141Z
   ds-soft-delete-entry-dn: entryUUID=94f634df-c90e-39aa-bd4a-9183c29746d0+uid=user.9,ou=People,dc=example,dc=com
   modifyTimestamp: 20131010020345.546Z
   createTimestamp:: 20131010181148.630Z
   localCSN: 000001373C900852000000000003
   modifiersName: uid=admin,dc=example,dc=com
   entry-size-bytes: 298
   subschemaSubentry: cn=schema
   entryUUID: 459b06c6-89f3-307e-a515-22433eb420b6
   createTimestamp: 20120511154141.431Z
   modifyTimestamp: 20120511154141.431Z
   ds-entry-checksum: 1157320579
   ```
