It would be amazing if there was functionality to monitor network traffic at a packet level, regardless of switch syslog capabilities; so having a device onsite that is setup to port mirror from the uplink port (from switch to firewall for instance), and analyse / capture packets coming in and out of a network.