Add auditing section to README with configuration and commands

policies/README.md

@@ -10,3 +10,36 @@ vault policy delete <policy-name>
 ```
 
 Format a policy file using `vault policy fmt <policy-file.hcl>`.
+
+## Auditing
+
+To enable auditing, use the following command:
+
+```bash
+vault audit enable file file_path=/var/log/vault_audit.log mode=0640
+```
+
+Configure Alloy to read the audit logs from the specified file path.
+
+Add the following configuration to your Alloy setup:
+
+```hcl
+loki.source.file "vault_audit_log" {
+    targets = [
+        {"__path__" = "/var/log/vault/audit.log", "log_name" = "vault_audit"},
+    ]
+    forward_to = [loki.write.default.receiver]
+}
+```
+
+Check auditing configuration with:
+
+```bash
+vault audit list -detailed
+```
+
+To disable auditing, use:
+
+```bash
+vault audit disable file
+```