/user group add name=sniffer policy="ssh,read" 
/user add address=192.168.1.0/24 disabled=no group=sniffer name=sniffer 
/ip accounting set account-local-traffic=no enabled=yes threshold=2560
/ip accounting web-access set accessible-via-web=yes address=192.168.1.23/32