If somebody has done or is thinking of doing something similar any advice is welcome.

In a typical setup where multiple users are behind NAT and internet access is over one external ip address how to solve logging of all connections made by users through NAT (internal ip:port + external ip:port + time + protocol used) ?
This should be transparent to the users so proxy is not an option at this time.

Do you imagine how your log is going to look like after some p2p transfers?

Well the point is to get all those connections logged somewhere, it doesn't have to be a local log, remote log could accept a very large number of records.
Those records could be imported into some database to easy reporting.
Again, I was wondering if anybody has done something like that and in what way ?

What kinds of logs are you looking for is the main question. If you want to log all of their HTTP domain requests, then you need to use a proxy to get that information, with a transparent one being the easiest to setup, but it will only work with HTTP. If you wanted more than that, you would need to be able to configure each computer to use the proxy to gather that information.

If you just want to know what IP address they went to, how much data was transfered, etc. the Netflows is the answer to your question. It is available under ip->traffic flow with the MikroTik. The router can send that data to a netflows collector/analyzer. There are several analyzers available depending upon the need, how much you want to pay, and how fast you need it, and what features you want. There are several open source free ones like ntop and nfsen, but they take a bit to setup and you have no support and may not have all the features you are looking for. Then there are tons of collectors that you can pay for, just goolgle them.

Another option is to log new connections in the forward chain of the firewall and send all that information to a syslog server. That will be a lot of information though and not very easy to work with.

If I only wanted http then it would not be a problem but I would like to see all connections.

I was looking at netflow but it does statistical numbers, which ip was accessed and how many bytes were transfered but I would like to know the exact time of each connection and I don't see that in netflow (am I correct about this ?).

Right now I'm closest to your last suggestion, just log all connections out of forward chain to syslog and than somehow manage all that information in a meaningfull way.

Netflows does include when the flow started, when it stopped, what ports were used, how many packets, how many bytes, etc. were transferred.

It looks that I need to look at it more closely.
So maybe netflow is the answer here