In order to log all web traffic in Palo Alto, go to Objects | URL Filtering | <your profile>, and set all categories to either Block or Alert (or any action other than none). This will ensure that all web activity is logged.
Configure Palo Alto to send syslog messages to a syslog server such as Kiwi Syslog, then import the resulting text logs into a WebSpy Vantage Storage.
You can then analyze and report on either the Traffic or Threat schema. The Threat schema contains information about websites visited (URLs), and the Traffic schema will contain information about bandwidth and connections.
We also recommend to enable HTTP Header Logging. To do this, please How to Enable HTTP Header Logging and Track URLs Accessed by Users.
Unfortunately, Palo Alto does not log size information along side URLs, so determining how much bandwidth is associated with a particular website is not possible.
You can however analyze browsing and session times between users and websites using WebSpy Vantage.
For more information, please see our more detailed article and video on Web Activity Reporting with Palo Alto Firewall Log Files