Policy creation to allow 2 options, log all other attempts
I have a FortiGate F100 with rules in place for the management address of my company's UPS. One policy allows SMTP traffic from that address to our mail server. The other allows DNS traffic from that address, nothing else. I'd like to log any other traffic from the address in question that doesn't match either of these two rules; what's the simplest way to configure such a policy? Just clone the 'UPS Management Address to DNS' rule, set it to DENY instead of ACCEPT, choose every service other than DNS, and hit the log option?
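
An added example, not part of the original post: because FortiGate evaluates firewall policies top-down and stops at the first match, a single DENY policy for the same source with service ALL and logging enabled, placed below the two ACCEPT policies, logs everything those two do not match. The interface name, address object name and policy name are assumptions.

```fortios
# Added example. Names below are assumptions, not taken from the post:
#   "internal" = interface the UPS management address sits behind
#   "UPS_Mgmt" = existing address object for the UPS management address
config firewall policy
    # "edit 0" creates the policy with the next free ID at the end of the list,
    # so it lands below the existing SMTP and DNS accept policies.
    edit 0
        set name "UPS-Mgmt-Deny-Log"
        set srcintf "internal"
        set dstintf "any"
        set srcaddr "UPS_Mgmt"
        set dstaddr "all"
        set schedule "always"
        # ALL is safe here: SMTP to the mail server and DNS have already
        # matched the accept policies above and never reach this one.
        set service "ALL"
        set action deny
        # Log every session this policy blocks.
        set logtraffic all
    next
end
```

If other policies already sit below the two accept rules, reorder with `move` under `config firewall policy` so this one comes directly after them.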