Hacker News
by dave2000 3643 days ago
So I stick this on an old laptop and connect it to a spare Ethernet port on my router?
3 comments

Ideally you use a mirror port so that all traffic being routed also gets sent to the SecurityOnion services for automated analysis, reporting, and alerts (depending on how SO is configured).
Would it be efficient to create iptables rules to mirror traffic on a router that doesn't have a mirroring port?
Essentially. Or a low-power server in your rack. :)
As andrewstuart2 mentioned, you need it to see all traffic, which doesn't happen if you just connect it to the router. If you have an Ethernet connection your internet traffic goes through, you'll want to put a device in there that sends you a copy of all traffic (one simple and cheap option is a Netgear GS105E switch).