Say i want to block all outbound connections not in my allowed list. ie. Facebook denied, google allowed.
Then i want to get an alert anytime someone tries to access anything blocked. Who it was(client mac), and where they were going(ip/url ect). So i could then allow it via API.
How can i capture that event / data?