select your Receiver --> Add Datasource -->
Data Source Vendor: Generic
Data Source Model: Advance Syslog Parser
Data Format: Default
Support Generic Syslogs: Log " unknown syslog" event
and click on okay. Now wait a day or two. Than parse every Log that is marked as Unkown Event. And roll out every ASP rule on this Datasource.
I don't understand your last paragraph. Please advise me in more details or some examples.
Lotus Note isn't a standard Datasource in SIEM, so you must write your own Parser for this in the Policy Editor --> left side Receiver ---> Advance Syslog Parser --> New --> Advanced Syslog Parser Rule.
For this there is a documentation how to parse, i think.