Collect network traffic from single place in cloud

Hello all,
I have installed an OpenNebula cloud with 3 physical nodes and 7 VMs on it. Which place is best suited to deploy Snort? How do I gather the whole cloud's traffic from a single place? How do I deploy an IDS at the hypervisor level?

Please guide me.

Snort inline or as a passive IDS?
A single Snort inline instance with nfq can't analyze more than a few hundred Mbit/sec; moreover, most of the Snort rules deal with unencrypted traffic. If you control all VMs (and all are Linux), I would deploy Snort inline with nfq on the VMs as the Snort endpoints and collect the Snort alerts on an ELK or Prometheus instance for monitoring.
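
The alert-collection step suggested in the reply above, as an added example that is not part of the original thread: it parses per-VM Snort alerts and renders them as an Elasticsearch `_bulk` body tagged with the originating VM. It assumes the Snort 2.x `alert_fast` line layout; the VM names, the `snort-alerts` index name, the sample lines and the supplied year are constructed for illustration.

```python
import json
import re
from datetime import datetime

# Snort 2.x alert_fast layout (assumed); the timestamp carries no year by default.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def split_endpoint(ep):
    # 'ip:port' for IPv4 TCP/UDP; ICMP and IPv6 endpoints are returned whole.
    ip, sep, port = ep.rpartition(":")
    if sep and port.isdigit() and "." in ip:
        return ip, int(port)
    return ep, None

def parse_fast_alert(line, vm, year):
    """Return one alert as a dict tagged with its source VM, or None if unparsable."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    src_ip, src_port = split_endpoint(m["src"])
    dst_ip, dst_port = split_endpoint(m["dst"])
    return {
        "@timestamp": ts.isoformat(), "vm": vm,
        "gid": int(m["gid"]), "sid": int(m["sid"]), "rev": int(m["rev"]),
        "msg": m["msg"], "classification": m["cls"],
        "priority": int(m["prio"]), "proto": m["proto"],
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
    }

def to_bulk(docs, index="snort-alerts"):
    """Render documents as an Elasticsearch _bulk NDJSON body."""
    action = json.dumps({"index": {"_index": index}})
    return "".join(f"{action}\n{json.dumps(d)}\n" for d in docs)

# Constructed sample lines, keyed by hypothetical VM names.
SAMPLE = {
    "vm-web-01": ["08/28-12:34:56.789012  [**] [1:1000001:1] Constructed TCP rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:51234 -> 10.0.0.9:80",
                  "not an alert line"],
    "vm-db-01": ["08/28-12:35:01.000100  [**] [1:1000002:2] Constructed ICMP rule [**] [Priority: 2] {ICMP} 10.0.0.7 -> 10.0.0.9"],
}

def collect(sample=SAMPLE, year=2024):
    return [d for vm, lines in sample.items() for line in lines
            if (d := parse_fast_alert(line, vm, year))]
```

The string returned by `to_bulk(collect())` is the request body for an Elasticsearch `_bulk` call; lines that do not match the alert layout are skipped rather than indexed.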