Monitoring internet use per AD login
We have a Server 2003 r2 DC and a Watchguard Firebox Firewall but currently we have no way to audit internet use on a per AD user basis. Our firewalls log server does support logging web use via Active Directory user name but we are currently struggling to get it to work correctly and even when we do have it setup I still won't be entirely happy with doing it that way as users will have to login as per usual to AD and then they'll have to manually authenticate against our firewall if they want to access the internet. Ideally users would only need to login once as usual with no need to authenticate again to get out onto the net but we'd still be able to see what sites every user has visited per AD user name.
I'm wondering what other options we might have and if they may work better than using our firewalls log server? We're not running squid at the moment but I suspect that might be able to do what we want? If we did use squid, would users have to manually authenticate against it before they can access the internet or can this be automated?