DNS, DHCP, IIS are done via SIEM collector, and you can only start getting the logs once data source is created on receivers. So I don't think auto learn applies to these above.
This is partially true.
In the options you can select syslog as retrieval and I confirm I got it working with third party tools when creating the datasource manually. I cannot figure out why it is not working with Autoloearn.
Right, ok. You might not be using a SIEM collector, just a syslog client on the server then...
According to McAfee support, Autolearn Windows related Datasource when using syslog needs a PER.
If I do not find any workaround to my issue, I ll create one PER but have doubt that they will be push a patch for this to the product.