Tue Jul 20, 2021 8:17 am
You can see how much some downloads, what DNS request are used ++, but there are many but.
IF user has DoH or some other encrypted DNS request, you do not see what DNS are used.
You can not see inside HTTPS packets to see what is downloaded etc.
Look at link in my signature for see how I have implemented Splunk to analyse MikroTik logs,.