I need to set up an analytical report for a client on which URLs each user on the network has accessed. However, the reports I've observed show thousands of records that are not good for this purpose. Quoting the apis, jpgs, js and css that html codes call when a page is loaded. So, inside a firewall on a linux server, how can I differentiate the URLs that users have accessed and which the html codes have invoked (also the other traffic passing through it). What information should I look for to find out what the user actually typed?