Is it possible to have Suricata output compressed eve files? I don't see it as an option in the config file; I just wanted to confirm it isn't possible.
No, it’s not possible.
I suppose it could be a reasonable feature request.
Personally, I prefer a file system that offers compression, as JSON does compress well.