300k is the queries, not history. You can set log duration separately.
How many computer do you have? Use the free one first and then personal.

There are many types:
1. DLP, which log at the endpoint
2. SIEM, which log flow at the network, and also can mirror traffic if you install a tap
3. MITM proxy, where you install a root CA on every computer and decrypt all traffic

You can pick one, or a combination of them. But damn how big is your business?
If you are the boss and you have to ask this in a forum, don't need to consider.
Those solution requires full tech team to run.
For SIEM, SOAR, EDR, you need a fully staffed Security Operation Center.

EDIT:
You didn't tell me what you are looking specifically. You suspect he steal your data? Upload to cloud? Or just snaking around?
Very different scenario you know.

Look, the stuff you want is simple.
So make it simple.

Just get started in nextdns and use it as your DNS server now.
Don't need Mikrotik.
Don't need blocking.
Just see what website gets logged.
See how many requests you used a month from now.

What router you using in your office?

I already said go register an account, put it into your Asus and monitor.
You don't waste my time keep asking the same thing with zero progress.