Creating an office network and monitoring all activity without a proxy

Use a transparent proxy. Your applications then don't need any configuration change.


Why not use a [hardware] firewall? (Or cluster of firewalls for HA/failover.)

Every major firewall I've worked with has the capabilities you're asking about. Cisco ASAs are solid and standard for this kind of functionality, and Palo Alto Networks make great "next gen" firewalls with more advanced application and url-level filtering and reporting, if that's where your primary concern lies.

Using a computer as a router and trying to hack together some packet-capture to url filter/report sounds like a nightmare that's easily avoided by using the standard tool for this job.