# Audit

Immutable logs for compliance and troubleshooting. Trustgrid exposes [authentication audits](https://docs.trustgrid.io/docs/operations/authentication/) (`audits::read:user`), [configuration changes](https://docs.trustgrid.io/docs/operations/changes/) (`audits::read:config`), [node events](https://docs.trustgrid.io/docs/operations/node-events/) (`audits::read:node`), and [flow logs](https://docs.trustgrid.io/docs/operations/flow-logs/) (`audits::read:flows`).


## Export configuration change audit logs as a downloadable file

 - [GET /audit/download/config](https://apidocs.trustgrid.io/audit/downloadconfigaudit.md): Requires audits::read:config permission.

## Export node activity and operational audit logs as a downloadable file

 - [GET /audit/download/node](https://apidocs.trustgrid.io/audit/downloadnodeaudit.md): Requires audits::read:node permission.

## Export user authentication and access audit logs as a downloadable file

 - [GET /audit/download/user](https://apidocs.trustgrid.io/audit/downloaduseraudit.md): Requires audits::read:user permission.

## Retrieve real-time configuration change audit logs with filtering options

 - [GET /audit/tail/config](https://apidocs.trustgrid.io/audit/tailconfigaudit.md): Requires audits::read:config permission.

## Retrieve real-time node operational and security audit logs

 - [GET /audit/tail/node](https://apidocs.trustgrid.io/audit/tailnodeaudit.md): List node (appliance or agent) audits

---

Requires audits::read:node permission.

## Retrieve real-time user authentication and session audit logs

 - [GET /audit/tail/user](https://apidocs.trustgrid.io/audit/tailuseraudit.md): Requires audits::read:user permission.

## Retrieve network traffic flow logs with advanced filtering and pagination

 - [GET /v2/audit/flow-logs](https://apidocs.trustgrid.io/audit/getflowlogs.md): Requires audits::read:flows permission.

## Retrieve network traffic flow logs with advanced filtering and pagination (deprecated)

 - [GET /audit/tail/flow_logs](https://apidocs.trustgrid.io/audit/tailflowlogs.md): This is deprecated; use /v2/audit/flow-logs instead.

---

Requires audits::read:flows permission.