diff --git a/policies/README.md b/policies/README.md index f57b0a6..a987cbc 100644 --- a/policies/README.md +++ b/policies/README.md @@ -26,12 +26,15 @@ Add the following configuration to your Alloy setup: ```hcl loki.source.file "vault_audit_log" { targets = [ - {"__path__" = "/var/log/vault/audit.log", "log_name" = "vault_audit"}, + {"__path__" = "/var/log/vault/audit.log", "log_name" = "vault_audit", "level" = "info"}, ] forward_to = [loki.write.default.receiver] + tail_from_end = true } ``` +> **Note:** `tail_from_end = true` ensures that only new log entries are read, preventing the ingestion of old lines/entries. It is (probably) required because the audit log file does not contain timestamps and only entry guids. + Check auditing configuration with: ```bash
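Review bot: the added note hedges the reason for `tail_from_end = true` with "(probably)"; documentation shipped to operators should state the verified behaviour, not a guess, so confirm why the setting is needed and drop the hedge. The note should also spell out the audit-coverage consequence of the setting: any entries already in `/var/log/vault/audit.log` when Alloy first starts tailing it are never shipped, so an operator who needs the historical audit trail in Loki has to backfill it separately. Finally, the new `"level" = "info"` entry in `targets` is a static stream label stamped on every line of the audit log regardless of its content; if the intent is to classify entries by severity, say so in the note, otherwise a reader may assume the value reflects the log entry itself.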