Probably the most frequently asked question about Zeek is "How many Mb/s can it handle?" The answer, unfortunately, is "it depends". Zeek’s CPU and memory performance depends on a number of factors, including configuration and input traffic, and because of its complex analysis, it depends on them even more than other IDSs do.
To help, we want to develop a standard Zeek benchmark that measures performance in a particular environment with a suite of standard configurations. If the benchmark also collected a few specifics about the hardware Zeek is running on and some overall (aggregate) traffic statistics, that would allow us to compare different environments/platforms and derive conclusions and recommendations on what’s realistic to expect.
This would actually make a nice research project for a student.
© 2014 The Bro Project.