diff --git a/README.md b/README.md index c4fee92..11275ab 100644 --- a/README.md +++ b/README.md @@ -116,9 +116,9 @@ To enhance security and monitoring, enable audit logging on the KMS Vault: ```shell mkdir -p /var/log/vault -chown -R vault:vault /var/log/vault -chmod 750 /var/log/vault -vault audit enable file file_path=/var/log/vault/audit.log +chown -R vault:adm /var/log/vault +chmod 02750 /var/log/vault +vault audit enable file file_path="/var/log/vault/audit.log" mode="0640" ``` Then monitor the audit log online: @@ -133,6 +133,17 @@ or offline: jq -r '. | select(.type == "response") | [ .time, .request.path, .request.operation, .request.remote_address] | @tsv' /var/log/vault/audit.log | column -t -N "time,path,operation,remote_addr" ``` +or using Alloy and Grafana. To use Alloy, add the following configuration to `config.alloy`: + +```hcl +loki.source.file "vault_audit_log" { + targets = [ + {"__path__" = "/var/log/vault/audit.log", "log_name" = "vault_audit"}, + ] + forward_to = [loki.write.default.receiver] +} +``` + ### Main Vault Configuration Depending on main Vault state (new or existing), some of the following steps are mutually exclusive.
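Review bot: In the first hunk (README.md, around line 116), the move to `chown -R vault:adm`, `chmod 02750` and `mode="0640"` makes the audit log readable by every member of the `adm` group, and the surrounding README text neither says so nor explains why. Suggest adding a sentence before the shell block that covers three things: the setgid bit makes new files under /var/log/vault inherit group `adm`; `mode="0640"` gives that group read access so a log collector can tail the file; and `adm` membership should be limited accordingly, since the audit log records request paths and remote addresses (the fields the `jq` example below prints). Hosts set up with the previous instructions already have the file audit device enabled without `mode`, so a short note on how to move them to the new settings would also help.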
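Review bot: In the second hunk, the added `config.alloy` block sets `forward_to = [loki.write.default.receiver]`, but no `loki.write "default"` component is shown or mentioned, so the snippet does not load on its own. Suggest either including that component with a placeholder endpoint or stating that it must already exist in `config.alloy`. The text should also say that the account Alloy runs as needs read access to /var/log/vault/audit.log (membership in `adm`, given the permissions set in the previous hunk). The sentence "or using Alloy and Grafana" names Grafana without saying what to do there. Minor: the fence is tagged `hcl`, while the file is Alloy configuration syntax.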