The solution above would fool 99% of people but if they realy wonted to it can be done.
One would do a download buy the normal means and read the HTTP headers to find where the server has sent you for the download.
Because of the the way a webserver works the only real way to prevent people from downloading the file directy would be to place them in area which has to be logged into. As you have said this not an option.
Another option is to encrypt the download, then force the user to ask for password. Place your tracker on that page.
My final idea to this, would be to monitor the web server logs, to see how meny people request that page, you can get alot of information from the logs.
hope this helps
SittingDuck