# Audit

Audits are logged to keep track of user and system changes. Trustgrid exposes [authentication audits](https://docs.trustgrid.io/docs/operations/authentication/), [configuration changes](https://docs.trustgrid.io/docs/operations/changes/), and [flow logs](https://docs.trustgrid.io/docs/operations/flow-logs/)      


## Export configuration change audit logs as a downloadable file

 - [GET /audit/download/config](https://apidocs.trustgrid.io/audit/paths/~1audit~1download~1config/get.md): Requires audits::read:config permission.

## Export node activity and operational audit logs as a downloadable file

 - [GET /audit/download/node](https://apidocs.trustgrid.io/audit/paths/~1audit~1download~1node/get.md): Requires audits::read:node permission.

## Export user authentication and access audit logs as a downloadable file

 - [GET /audit/download/user](https://apidocs.trustgrid.io/audit/paths/~1audit~1download~1user/get.md): Requires audits::read:user permission.

## Retrieve real-time configuration change audit logs with filtering options

 - [GET /audit/tail/config](https://apidocs.trustgrid.io/audit/paths/~1audit~1tail~1config/get.md): Requires audits::read:config permission.

## Retrieve real-time node operational and security audit logs

 - [GET /audit/tail/node](https://apidocs.trustgrid.io/audit/paths/~1audit~1tail~1node/get.md): List node (appliance or agent) audits

---

Requires audits::read:node permission.

## Retrieve real-time user authentication and session audit logs

 - [GET /audit/tail/user](https://apidocs.trustgrid.io/audit/paths/~1audit~1tail~1user/get.md): Requires audits::read:user permission.

## Retrieve network traffic flow logs with advanced filtering and pagination

 - [GET /v2/audit/flow-logs](https://apidocs.trustgrid.io/audit/paths/~1v2~1audit~1flow-logs/get.md): Requires audits::read:flows permission.

## Retrieve network traffic flow logs with advanced filtering and pagination (deprecated)

 - [GET /audit/tail/flow_logs](https://apidocs.trustgrid.io/audit/paths/~1audit~1tail~1flow_logs/get.md): This is deprecated; use /v2/audit/flow-logs instead.

---

Requires audits::read:flows permission.