I am new to McAfee ESM and have been working on it for some time now. My question is: how do I troubleshoot unknown events in the McAfee ESM summary dashboard? All these logs are from Linux syslog messages. Below are a couple of logs which are being categorised as unknown. There are many other logs from the same data source which are fine, but many others are unknown.
<4>Jan 29 23:23:49 <hostname> kernel: CPU 0: Machine Check Exception: 0 Bank 5: cc02100000010092
<11>Jan 30 00:28:02 <hostname> xmlrpc.util.api: ip=<xx.x..x.x> sess=H2GQNIQPM5 ping => pong
<11>Jan 30 17:37:03 <hostname> utility-queue-techmail-on-demand Fatal Socket Error: error(32, 'Broken pipe')
<10>Jan 30 17:07:03 <hostname> rntlog.alert: mclock Lock was deleted on 3 server(s)
<10>Jan 30 03:55:15 <hostname> utility-queue-runner: mclock Lock was deleted on 3 server(s)