How to record and analyze traffic?
Good afternoon. Tell me, maybe someone here uses some kind of traffic analyzer?
There is a pfSense gateway; right now ipcad + squid + lightsquid is deployed in haste. Well, such a bundle does not excite my imagination, because I would like a higher version of the NetFlow protocol, but ipcad can only do version 5. ipcad is used because it can dump data into the same log file as squid.
I tried ntopng, but the free version is pretty much curtailed, and for now I am still looking at the free options first.
Now I'm looking at bundles of NetFlow collectors and the ELK stack, but so far I'm only looking.
I am only interested in options where users do not enter anything and do not see or suspect anything at all. DLP systems are not of particular interest. Neither are clients on users' computers. The protocols are not particularly important; I'm still testing it on NetFlow, but something else is possible.
And I need to show not just "user's IP - IP of the remote resource", but some more detailed description. Right now I use dig for this and just look up the IP before entering it into the logs, but somehow it's like that.