No, it wouldn't be in the EULA. There are two parts of GDPR that would specifically go against putting consent to tracking in the EULA:
1. GDPR requires the consent check to be somewhere obvious and in plain language. That was specifically to deal with EULA's given to you in tiny legally compliant text boxes.
2. GDPR requires that you cannot make consent for non-essential usages of data mandatory as a condition for providing your services. Tracking only logged-in people for analytics falls into the category of non-essential purposes. That requires explicit consent, even if consent is not required to use the exact same data for authentication checks.
But wouldn't that be asked for at the same time as signing the EULA, i.e. at account creation? If you're avoiding banners, I can't think where else you'd put it.
If a cookie is not necessary (or you are using a necessary cookie for secondary purposes), then you need GDPR-valid consent. This means:
1. Consent must be separate from other terms being agreed to. So consent in the EULA would not be valid.
2. Consent must be an affirmative, unambiguous action. Pre-ticked boxes or bundled consent are not valid.
3. Consent can be revoked at any time. Revoking consent must be as easy as giving it.
So yes, you can ask for it from a user when you're having them agree to the EULA. However you can't have it as part of the EULA, it has to be an optional add-on. And you still need to let people turn it off afterwards.
1. GDPR requires the consent check to be somewhere obvious and in plain language. That was specifically to deal with EULA's given to you in tiny legally compliant text boxes.
2. GDPR requires that you cannot make consent for non-essential usages of data mandatory as a condition for providing your services. Tracking only logged-in people for analytics falls into the category of non-essential purposes. That requires explicit consent, even if consent is not required to use the exact same data for authentication checks.