A Windows service that monitors AnyDesk remote desktop sessions and sends real-time notifications to Slack when users connect or disconnect. Additionally tracks changes to specified configuration files.
- Real-time Login/Logout Tracking: Monitors AnyDesk trace files for incoming session requests and session closures
- Slack Notifications: Sends formatted notifications to Slack with user details, timestamps, and session status
- File Change Monitoring: Watches external configuration files and reports changes with detailed diffs
- User Attribution: Associates file changes with the most recent AnyDesk user
- Windows Service: Runs as a background service with automatic startup
- Configurable: YAML-based configuration for easy customization
- Persistent State: Maintains user session state across service restarts
- Windows OS: Designed for Windows environments
- Go 1.21+: Required for building from source
- AnyDesk: Must be installed and running
- Slack Webhook: Incoming webhook URL for your Slack workspace
git clone https://github.com/mrmihi/any-desk-tracking.git
cd any-desk-trackingCopy the example configuration file and edit it with your settings:
copy config.example.yaml config.yamlEdit config.yaml and set:
webhook_url: Your Slack incoming webhook URLvm_name: A friendly name for this machine (appears in notifications)- Adjust file paths if your AnyDesk installation differs from defaults
go build -o anydesk-tracker.exeRun as Administrator:
anydesk-tracker.exe installanydesk-tracker.exe startAll configuration is done via config.yaml. See config.example.yaml for a fully documented example.
| Option | Description | Default |
|---|---|---|
webhook_url |
Slack incoming webhook URL | (Required) |
vm_name |
Display name for this machine | (Required) |
user_trace_file |
Path to AnyDesk user trace file | C:\Users\...\ad.trace |
service_trace_file |
Path to AnyDesk service trace file | C:\ProgramData\AnyDesk\ad_svc.trace |
app_log_file |
Application log file path | AnyDeskGoTracker.log |
external_file |
Optional file to monitor for changes | "" (disabled) |
allowed_recent_duration |
Time window for "recent" events | 5s |
log_time_layout |
Timestamp format in AnyDesk logs | 2006-01-02 15:04:05.000 |
- Go to https://api.slack.com/messaging/webhooks
- Create a new Incoming Webhook for your workspace
- Select the channel where notifications should be posted
- Copy the webhook URL to your
config.yaml
# Install the service (run as Administrator)
anydesk-tracker.exe install
# Start the service
anydesk-tracker.exe start
# Stop the service
anydesk-tracker.exe stop
# Uninstall the service
anydesk-tracker.exe uninstall
# Run in foreground (for testing)
anydesk-tracker.exe run
# Show version information
anydesk-tracker.exe versionLogs are written to the file specified in app_log_file (default: AnyDeskGoTracker.log in the same directory as the executable).
type AnyDeskGoTracker.logImportant
Protect Your Webhook URL: The Slack webhook URL in config.yaml is sensitive. Anyone with this URL can send messages to your Slack channel.
- Never commit
config.yamlto version control (it's in.gitignoreby default) - Restrict file permissions: Ensure
config.yamlis only readable by administrators - Rotate webhook URLs: If a webhook URL is exposed, regenerate it in Slack
- Monitor logs: Regularly check logs for unexpected activity
- Use HTTPS: Webhook URLs use HTTPS by default - never modify them to use HTTP
The application consists of several key components:
- Monitor (
monitor.go): Tails AnyDesk trace files and parses log entries for login/logout events - File Watcher (
filewatch.go): Monitors external files for changes using filesystem notifications - User Tracker (
usertracker.go): Maintains state of the most recent AnyDesk user - Slack Integration (
slack.go): Sends formatted messages to Slack webhooks - Service Manager (
service.go): Manages Windows service lifecycle - Configuration (
config.go): Loads and validates YAML configuration
- Login Detection: Monitors
ad.tracefor "Incoming session request" patterns - Logout Detection: Monitors
ad_svc.tracefor "Session closed by" patterns - File Monitoring: Watches configured files for write/create events
- Change Attribution: Associates file changes with the last logged-in AnyDesk user
- Notifications: Sends formatted Slack messages with timestamps and user details
- Check permissions: Ensure you're running as Administrator
- Verify AnyDesk paths: Confirm trace file paths in
config.yamlmatch your installation - Check webhook URL: Ensure the Slack webhook URL is valid and accessible
- Test webhook: Use
curlor Postman to send a test message to your webhook URL - Check firewall: Ensure outbound HTTPS (port 443) is allowed
- Review logs: Check
AnyDeskGoTracker.logfor error messages - Verify time window: Events older than
allowed_recent_durationare logged but not sent to Slack
- Check file path: Ensure
external_filepath inconfig.yamlis correct - File permissions: Verify the service has read access to the monitored file
- File format: File monitoring expects YAML format for diff generation
The service only sends notifications for "recent" events (within allowed_recent_duration of the current time). This prevents notification spam when the service starts or when reading old log entries.
# Clone your fork
git clone https://github.com/YOUR_USERNAME/any-desk-tracking.git
# Install dependencies
go mod download
# Run tests (if available)
go test ./...
# Build
go buildThis project is licensed under the MIT License - see the LICENSE file for details.
- kardianos/service - Cross-platform service management
- fsnotify/fsnotify - File system notifications
- nxadm/tail - Log file tailing
- goccy/go-yaml - YAML parsing
Version: 2.1.0 | Built: 2025-12-02