I have DNS debugging turned on. It works as it is supposed. However, in order to see where the users go and issue the appropriate warnings to the employees, I have to go through those logs manually, Rip apart the data, verify web sites, and hope I get the data correct. A couple of people, I admit, I got the data incorrect. There has got to an easier way.
The ultimate goal is this:
1. get the users IP address
2. get the date and time of the access
3. get the web site they accessed
4. resolve whether the site is one that they went to either by a favorites click, web search, actually typing in the address or whether it was done by a pop up, banner ad, etc that cannot be controlled.
it usually takes me about 1 week and half to go through 2 days of logs. I have done it enough times to cause my "real" network administration duties to fall behind.