Setting up Network Monitoring for Small Business

Monitoring what sites your staff visits can be done using the router logs if it supports it, I use LEDE/OpenWRT and it's easy to monitor.

Since most sites people log into use HTTPS it is going to be harder to get their name and passwords. ( probably illegal too ) You're going to have to create a HTTPS certificate and install it on every computer to capture this.

If your users are using Chrome as their browser don't bother trying it will make it quite obvious what she is up to.

If your users are using using Internet Explorer she will probably get away with it, Unless they visit a Google owned site or use Google+ as a logon to site don't bother trying it will make it quite obvious what she is up to.

If they are using a smart phone don't bother trying it will make it quite obvious what she is up to.

What she wants to do is called a Man in the Middle Attack ( Google that to learn how ) if your router supports port mirroring it will make it easier. It's not easy to setup and it will slow the network down to a crawl if your company has three or more computers.
Note on WireShark:
The file you end up with be huge and picking out the data she wants will take one person probably days for just a 8 hour day of logs

Big companies buy routers or computers setup to do this easily. but they are very expensive and even more so for the undetectable one's

Dashie1021 said:

My boss wants to be able to monitor the web history and logins to websites accessed on all staff computers in the business without using a proxy. She wants something that can pull the local username from the computer and what content was viewed. How can we about doing that if six people share several different computers on one network? We all use Windows 10 Pro with Static I.P.s if that helps any at all. I showed her how Proxy applications worked but she wasn't thrilled with the logging into the web browser all of the time.

Run everything through OpenDNS for Business and use something like Symantec's EndPoint Cloud to make secure policies. It would be a tax writeoff for those tools to be used to help maintain the network and making sure that people are not trying to do something they should not be.

The other option would be to either buy a NAS like a Synology that has two Ethernet ports, up the RAM in it, install two Enterprise drives with enough space, secured drive copy on an external, setup a Domain on it. Otherwise build a pfSense box, XG, Endian or one of the other good Community edition firewall/UTM packages. List of all Firewall/UTM builds that are built on a Linux platform. List of router and firewall distributions - Wikipedia

Just be aware that users have to agree to that they are being monitored on their systems to cover the company in case they try to state that someone else was using their credentials, which should also be a part of the statement that they sign, that they agree to be monitored all times while using company workstations and on the company network. They also need to be given a section that describes their rules allowed for arbitration and it would be their cost if they decide to hire an outside third party mutual person to be their representative if they may be found guilty of violation of the policy, but that does not automatically clear them if the company still makes the decision to cut ties that would not damage their ability of getting a referral after they resign. None if they get fired.