I have my Honeyd servers piping to our MARS box and I am trying to get the reports to show something useful. Currently all I get are a bunch of "Unknown Device Event Types". What must I do in order for MARS to see this as readable data that I can produce Reports and Alerts on?
You will need to create a custom parser in MARS that recognizes the honeyd-specific syslogs. That's why your events are being classified as Unknown Event Type. Best bet is to see if someone has already done this for other SIEMs, and then just steal their regex (regular expressions). Otherwise, you will need to get a list of all (or the most important) honeyd syslogs, and map each one to a MARS rule.
There are good examples in the Netpro MARS Packages sub-forum. That's a good place to start.
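The answer above describes the work in the abstract: collect the honeyd syslog messages, write a regex per message family, and map each to an event type. The following is an added example (not from the poster, not a MARS parser definition, and not honeyd's own code) that prototypes those regexes in Python so you can check them against real log lines before typing them into the SIEM. The sample syslog lines are constructed in the general shape honeyd emits; the exact wording of your honeyd version's messages, and the event-type names, are assumptions to adjust.

```python
import re
from collections import Counter

# Constructed sample lines (assumed honeyd message format, with the prefix a
# syslog daemon prepends before forwarding). Replace with lines from your own
# honeyd hosts; addresses here are documentation ranges.
SAMPLE_SYSLOG = [
    "Mar 10 12:00:01 honeypot1 honeyd[2210]: Connection request: tcp (198.51.100.7:51234 - 192.0.2.10:22)",
    "Mar 10 12:00:01 honeypot1 honeyd[2210]: Connection established: tcp (198.51.100.7:51234 - 192.0.2.10:22) <-> ssh",
    "Mar 10 12:00:09 honeypot1 honeyd[2210]: Connection dropped by reset: tcp (198.51.100.7:51234 - 192.0.2.10:22)",
    "Mar 10 12:00:15 honeypot1 honeyd[2210]: Connection request: udp (203.0.113.4:40001 - 192.0.2.11:161)",
    "Mar 10 12:00:20 honeypot1 honeyd[2210]: Killing attempted connection: tcp (203.0.113.4:40500 - 192.0.2.11:445)",
    "Mar 10 12:00:21 honeypot1 sshd[900]: Accepted publickey for admin from 10.0.0.5",
    "Mar 10 12:00:30 honeypot1 honeyd[2210]: listening promiscuously on eth0",
]

# Strip the syslog header and keep only lines that came from the honeyd process.
SYSLOG_PREFIX = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) honeyd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

# Shared tail: "proto (src:sport - dst:dport)" as honeyd prints the 5-tuple.
_TUPLE = r"(?P<proto>tcp|udp|icmp) \((?P<src>[\d.]+):(?P<sport>\d+) - (?P<dst>[\d.]+):(?P<dport>\d+)\)"

# One regex per message family, paired with the event-type name you would give
# the matching SIEM rule. Both the patterns and the names are assumptions.
EVENT_PATTERNS = [
    ("honeyd_conn_request", re.compile(r"^Connection request: " + _TUPLE)),
    ("honeyd_conn_established", re.compile(r"^Connection established: " + _TUPLE + r"(?: <-> (?P<service>\S+))?")),
    ("honeyd_conn_dropped", re.compile(r"^Connection dropped by (?P<reason>reset|timeout): " + _TUPLE)),
    ("honeyd_conn_killed", re.compile(r"^Killing attempted connection: " + _TUPLE)),
]

def parse_line(line):
    """Return extracted fields for a honeyd line, or None if the line is not from honeyd."""
    m = SYSLOG_PREFIX.match(line)
    if not m:
        return None  # another daemon's message: leave it to its own parser
    msg = m.group("msg")
    base = {"host": m.group("host"), "ts": m.group("ts")}
    for event_type, pat in EVENT_PATTERNS:
        em = pat.match(msg)
        if em:
            fields = dict(base, event_type=event_type)
            fields.update({k: v for k, v in em.groupdict().items() if v is not None})
            return fields
    # A honeyd message with no pattern yet. Tagging it explicitly (rather than
    # dropping it) is how you find the families still missing from the list,
    # which is exactly what the SIEM's "Unknown Event Type" bucket is telling you.
    return dict(base, event_type="honeyd_unknown", msg=msg)

def summarize(lines):
    """Count events per type and connection requests per (src, proto, dport):
    the aggregates a report or threshold alert would be built on."""
    counts = Counter()
    targets = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        counts[ev["event_type"]] += 1
        if ev["event_type"] == "honeyd_conn_request":
            targets[(ev["src"], ev["proto"], ev["dport"])] += 1
    return counts, targets

if __name__ == "__main__":
    counts, targets = summarize(SAMPLE_SYSLOG)
    for event_type, n in sorted(counts.items()):
        print(f"{event_type}: {n}")
    for (src, proto, dport), n in sorted(targets.items()):
        print(f"{src} -> {proto}/{dport}: {n}")
```

Run it against a day's worth of honeyd syslog and anything that lands in `honeyd_unknown` is a message family you still need a regex (and a MARS rule) for; once each pattern matches cleanly here, the same named groups become the parsed fields you map in the custom parser.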