docs(policy-activity): note that Log action rules are not tracked

calico-enterprise/observability/review-unused-network-policies.mdx

@@ -19,6 +19,7 @@ As your cluster grows, stale or unnecessary network policies and rules can accum
 **Limitations**
 
 - Policy activity data is not displayed for managed clusters running a version older than this release.
+- Rules with `action: Log` are not tracked by policy activity. The `Log` action is a diagnostic tool that writes to the kernel log (iptables) or trace pipe (eBPF); it is not part of the policy evaluation scope. Only terminal actions (`Allow`, `Deny`, `Pass`) and their associated rules appear in policy activity data.
 
 ## View policy activity in the Manager UI
 

calico-enterprise_versioned_docs/version-3.23-1/observability/elastic/policy-activity.mdx

@@ -117,3 +117,4 @@ Compare the output from the steps above to identify unused resources:
 
 - **Logs require traffic**: Policy activity logs are only generated when a rule is evaluated by traffic. Resources that have never been hit will not appear in these logs. You cannot identify them by querying for "old" logs; you must identify them by their absence from the active log data (as performed in the comparison steps above).
 - **Long-lived connections**: A policy evaluation is logged only when a connection is established. If a connection remains open for a long duration (e.g., longer than your 90-day query window), the associated policy may not generate new logs, potentially making it appear "unused" despite actively carrying traffic.
+- **Log action rules are not tracked**: Rules with `action: Log` are not recorded in policy activity logs. The `Log` action is a diagnostic tool that writes to the kernel log (iptables) or trace pipe (eBPF); it is not part of the policy evaluation scope tracked by policy activity. Only terminal actions (`Allow`, `Deny`, `Pass`) and their associated rules appear in policy activity logs.