If it's in /var/log/messages that means the message passed through the syslog daemon, so I would assume it's possible.
Did you try configuring a syslog rule like *.* @splunk ?
Hi Jon, sorry for the delayed answer. I configured daemon.info @splunkIP:514 but still do not get any logs into the SIEM.
Furthermore, I found this entry in the message log: kernel: Kernel logging (proc) stopped.
If I configure *.* @splunkIP, wouldn't the proxy send all kinds of logs to the SIEM?
Thanks very much in advance
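
The difference between the two rules discussed in this thread (daemon.info versus *.*), shown as an added example that is not part of any post above. It assumes classic syslog.conf selector semantics, where facility.priority matches that priority and anything more severe; the sample messages are constructed, and the facility and severity given to each one are assumptions.

```python
# Added example: which messages a syslog.conf selector would forward.
# Assumes classic selector semantics (facility.priority = that priority and higher).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def selector_matches(selector, facility, severity):
    """Return True if one 'facility.priority' selector matches a message."""
    fac_part, _, pri_part = selector.partition(".")
    facilities = fac_part.split(",")          # e.g. "kern,daemon"
    if "*" not in facilities and facility not in facilities:
        return False
    if pri_part == "*":                       # every priority
        return True
    if pri_part == "none":                    # no priority of this facility
        return False
    if pri_part.startswith("="):              # exactly this priority
        return severity == pri_part[1:]
    # Lower index means more severe, so "info" also matches notice..emerg.
    return SEVERITIES.index(severity) <= SEVERITIES.index(pri_part)


def forwarded(selector, messages):
    """Return the messages that the rule '<selector> @host' would send."""
    return [m for m in messages if selector_matches(selector, m[0], m[1])]


# Constructed sample: (facility, severity, text). Facility and severity are assumed.
SAMPLE = [
    ("kern", "info", "kernel: Kernel logging (proc) stopped."),
    ("daemon", "info", "proxyd: constructed access line"),
    ("daemon", "debug", "proxyd: constructed debug line"),
    ("authpriv", "notice", "sshd: constructed login line"),
    ("cron", "info", "crond: constructed job line"),
]

if __name__ == "__main__":
    for rule in ("daemon.info", "*.*"):
        print(rule, "->", [text for _, _, text in forwarded(rule, SAMPLE)])
```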