
I'd like to collect something at the router level to learn how my kids are using the Internet.

Like I'd like to know the sites being visited on different devices.

Is there any such thing possible?



Pihole will show you devices and the domains they access, it's not particularly designed towards that end, but it can.

You can sit down with them and have a look at their history?

I use Pihole to block nefarious sites (malware etc.) but also I use the OpenDNS (now Cisco) family friendly DNS addresses as nameservers. I can add domains if needed through the Pihole interface, or through the OpenDNS interface (former is easier).

It's not watertight, but I figure if they can work out how to work around it then they're at a level where I should give more generic guidance. They get exposed to porn and whatnot on social media (which I don't block) and through friends at school and through their friends' devices, or connecting to other networks I don't have control over. Easiest workaround imo is to fire up a browser that uses TOR.

Mind you we're a computer/consoles only in family rooms household and they don't get phones until they go to high school (11yo).


It’s also handy for making a special rule which can be toggled to totally block YouTube on the kids' iPad.


With DNS over HTTPS and others, this is becoming less possible. I think Chrome does this by default on some platforms.


Years ago, I set up https://mitmproxy.org on a Raspberry Pi and used it to get logs of every site that my kids would visit. I should be clear that monitoring/spying != parenting, but it definitely made me feel a little better to have some idea of what the kids are using the internet for.

From a technical perspective, it did exactly what you want. I had logs of full urls (not just domains). So, for example, I could view what they googled and when, if I wanted to anyway.

It did involve installing a certificate on the computer that they use, but there are how-to guides so setting everything up was simply a matter of following instructions.

The biggest drawback is that it noticeably slowed their internet. I imagine if I had run this on a more powerful computer it may have been better.

---

Note, for those suggesting PiHole, it is very good for getting logs of domains accessed, but not very informative. For example, you can tell that a computer accessed "youtube.com" at a certain time, but not what was actually viewed. That may be obvious to many of us, but just clarifying in case it is not obvious to the OP.


I am thankful that you take an interest in your children's activities.

From a very early age, we invited virtual strangers and machines into our home. Before my First Communion, my best friends were the Little Engine That Could, Dr. Seuss, Atari 2600, Mr. Rogers, and cassettes from K-TEL.

Typically parents may discuss with children what they saw on TV or read in a book, or how their school day went. Have introductions to friends and peers, get to know who we're hanging out with. Our parents seemed actively disinterested in our interior lives, and intent on doing their adult duties while we were unneeded.

It became readily apparent that, more than anyone else, strangers and machines were more interested in my activities and interests. There were no supportive or encouraging friendships for me in class or in the neighborhood.

And with human connection and relationships that broken, it was inevitable that we escaped into cyberspace and fantasies. In fact, I attribute my paranoia and fear/hatred of other humans to this. "Beat Me, Bore Me, But Never Ignore Me" was my motto.

We'd been adopted, and our parents were just in the lineup of caretakers for pets. We grew up to be excellent pets.


> So, for example, I could view what they googled and when, if I wanted to anyway.

How old are your kids and do they know you are doing this? There surely is a difference between a 5- and a 15-year old. But if they are not at all aware they are constantly being watched like that, man that's some serious breach of trust. This full-on surveillance could damage your kids for life.

I'm so glad this kind of tech hardly existed when I was a kid 30 years ago.


This tech existed 30 years ago, just wasn't packaged up for easy deployment. As late as 2012 you could MITM people in your network, even without being the person managing the router. ARP poisoning and mitmproxy or just some intelligent reverse proxy, you could pick up the cookies, URLs, and POST data for all the requests in the network.


Sure, a computer nerd dad could have somehow surveilled me dialling into some BBS with my 28.8 kbps modem, but the number of people in the world that actually did this to their kids can probably be counted on one hand, and they were all psychos.

MITM-ing https google searches with a custom root cert today, man, you don't want to leave your kids any privacy? Do you also have hidden cameras in their bedroom? That's roughly on the same level.


Yet people are fine about their employers doing it


Because that's with awareness and consent? That's a significant difference.


This is 100% the difference.

That said I think the bar for telling people how to raise their kids is super super high.


The internet of 1995 is very different from the internet of today.


I know where you're coming from but there's something that's a bit off for me.

The way I think about it is if I take my daughter to the park and let her run around. I have my eye on her of course and she knows that I have my eye on her.

I'd be less comfortable if I told her to go to the park and have fun but then without her knowing went over to the park and watched over her.

If she was annoyed by this I couldn't blame her. I wouldn't really want to get in a situation where I'm worried she'll find out I'm surreptitiously spying on her.

If on the other hand it's the first scenario where everything is in the open and she's not happy with that - she's running away where I can't keep an eye on her - then we can talk about it and as the parent if worse comes worse I can just say, OK no more going to the park because we can't come to a place where we're both happy.

At the end of the day though I don't want to be going to the park with my daughter. I want her to go by herself and not get up into shenanigans. The whole thing I'm doing is to raise her in a way that when she's on her own she's aware of what's bad/dangerous/stupid and doesn't do that.

Monitoring her (especially without her knowledge) is only tangentially related to the goal. And if I'm doing it on the sly how do I let her know? Say, daughter, if you were in a park and if some guy offered you candy, you'd say no, right? Further wouldn't that give away the game that I'd been spying on her?


For MITM like this you need to install certificates into the devices and it won’t work for apps with pinned certificates.


OpenWRT has prometheus node exporter packages.

But in your case I think a PiHole would make sense, first of all you don't need to put it on the router, just point the router's default DNS to your pihole. But a pihole will give you a nice dashboard of all the DNS records resolved in your network. Which will give you a really good idea of what your kids are doing, since most of it is via DNS.


Can you install ntopng[0] on the router?

[0]: https://www.ntop.org/products/traffic-analysis/ntop/


I've used NextDNS. Pretty handy. Just change DNS settings on devices with your NextDNS profile specific resolver address and you can see the logs of all websites accessed from each device.


I use Unbound as my local dns resolver, and it has an option to live dump unique names to a file (but not the ips that requested it.) It's easy to parse and you get a general idea what's passing through; the individual clients don't matter to me unless something looks like it's worth investigating, then use dnstop for specifics.

Edit: I forgot not all traffic will use the local resolver, so dnstop would be more accurate


maybe try to talk to them instead of trying to spy on them


Agreed and that's what I do. The purpose is not the content but the time they spend online


If you have a decent router, you can configure Netflow and send flows to a collector and then you can ingest in an ELK or similar platforms for further analysis. It requires a bit of work, but combined with DNS logs it's the best way to monitor the traffic


You can do that with pihole, if you set it up to keep the logs. Just adjust dhcp settings so your devices get its address as DNS server.
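
As an added illustration (not part of the thread, and not Pi-hole's own code): a sketch of what the kept Pi-hole log gives you, assuming the dnsmasq query-line format that Pi-hole writes. It summarises domains and active hours per client, and lists any lookups of DoH resolver hostnames, since a device that switches to DNS over HTTPS stops appearing in this log. `DOH_HOSTS` and the sample lines are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Pi-hole writes dnsmasq lines such as:
#   Mar  3 16:02:11 dnsmasq[812]: query[A] www.youtube.com from 192.168.1.23
QUERY_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d{2}):\d{2}:\d{2}\s+dnsmasq\[\d+\]:\s+"
    r"query\[([^\]]+)\]\s+(\S+)\s+from\s+(\S+)$"
)

# Assumption: a short, illustrative list of public DoH resolver hostnames.
DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com"}

# Constructed sample log (private/documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mar  3 16:02:11 dnsmasq[812]: query[A] www.youtube.com from 192.168.1.23
Mar  3 16:02:11 dnsmasq[812]: forwarded www.youtube.com to 192.0.2.53
Mar  3 16:02:11 dnsmasq[812]: reply www.youtube.com is 203.0.113.10
Mar  3 16:40:05 dnsmasq[812]: query[AAAA] www.youtube.com from 192.168.1.23
Mar  3 17:15:42 dnsmasq[812]: query[A] en.wikipedia.org from 192.168.1.23
Mar  3 21:03:09 dnsmasq[812]: query[A] dns.google from 192.168.1.40
Mar  3 21:03:10 dnsmasq[812]: query[HTTPS] example.org from 192.168.1.40
"""

def summarize(log_text, top_n=3):
    """Return {client: {queries, top, active_hours, doh_lookups}}."""
    domains = defaultdict(Counter)
    hours = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # forwarded/reply/cached lines carry no client address
        hour, _qtype, name, client = m.groups()
        domains[client][name.lower().rstrip(".")] += 1
        hours[client].add(int(hour))
    return {
        client: {
            "queries": sum(counts.values()),
            "top": counts.most_common(top_n),
            "active_hours": sorted(hours[client]),
            "doh_lookups": sorted(DOH_HOSTS & set(counts)),
        }
        for client, counts in domains.items()
    }

if __name__ == "__main__":
    for client, info in summarize(SAMPLE_LOG).items():
        print(client, info)
```
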


If you have a switch with port mirroring you can send the traffic to another device and monitor using something like Suricata.


I just turn on netflow on my router and have it send the flows to another machine on the LAN that's running ntopng.


Adguard is much better in my experience compared to pihole.

