I'd like to run security-onion (an IDS) in a VM which means it needs to see all the network traffic from the VM host. I've tried putting the individual machine tap interfaces into promiscuous mode and putting the bridge that they are all in into promiscuous mode as well but while the host can see the traffic from all the guests I've not managed to pass any traffic through to my IDS guest.
Can this be done and if so how?
Can this be done and if so how?