We've recently implemented Horizon View Security Servers in our DMZ. Before our Perimeter team will open them to the outside world, they want logging that will show them detailed connection information, for example the client source IP address, the user name, and the VDI VM the user is connecting to. I've found Connection Manager logs provide the majority of this information, but I cannot find any source IP information in the logs.
Can anyone tell me how I can obtain the source IP address of a connecting client from the View security server or connection manager logs?
Would it work if you could get the source IP from the registry of the VDI machine, or does it have to be from the Security Server and Connection broker? If it doesn't matter, then check HKCU/Volatile Environment/ of the virtual machine the users are connected to. There is a lot of client/user information contained in that section.
Thanks for the info. I don't want to hijack the OP's question, but out of curiosity, what happens if the user logs off, or every time they connect to a different desktop (floating pool)? How can we still get that data?
Thanks
We've been writing this to the debug log of connection servers and security servers for a good while now. If you're using View 5.1.3 or later, or 4.6.2 or 4.6.3, look for this pattern in the debug log:
Request from <address>: <method> <path>
As mittim12 points out, it's also available in the user's environment on the guest, but there's a difference: the information on the guest is provided by the client, whereas the debug log entry is determined from the network connection. In the simplest of environments, these will be the same, but typically there'll be various layers of network translation between client and server.
I appreciate the info. The only place I've found the source IP info is where mittim12 mentioned...in the registry under HKCU/Volatile Environment/. We've gone through quite a few View versions and the logs have changed with each upgrade. We're currently running 5.2 and I can't find source IP information in either debug or events log.
We've just implemented Log Insight and I'm wondering if I can collect this info from the VDI VMs through either Log Insight or vCOps for View. I understand future View releases will provide this information in the events log.
Actually we already do. If you have View 5.2 or later, you will find the IP address in the event database, attached to the user login entry. This is the right place to go for such information, but if you haven't configured an event database, we write the same information to the connection server's debug log:
2014-01-24T11:40:32.238Z DEBUG (1144-1580) <TP-Processor3> [EventLogger] (SESSION:a7c2-***-684c) Info_Event:[BROKER_USERLOGGEDIN] "User TESTDOM\tesuser1 has logged in":ClientIpAddress=10.20.30.40, Severity=AUDIT_SUCCESS, [more stuff...]
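As an added example (not part of the original post and not VMware code), here is one way to pull timestamp, user and client IP out of BROKER_USERLOGGEDIN debug-log entries like the one quoted above. It assumes the field layout of that single quoted line; the sample lines are constructed, and treating RFC 1918 addresses as "internal" is an assumption for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines modelled on the debug-log entry quoted above; the
# second user, session id and address (a documentation range) are made up.
SAMPLE_LOG = r'''
2014-01-24T11:40:32.238Z DEBUG (1144-1580) <TP-Processor3> [EventLogger] (SESSION:a7c2-***-684c) Info_Event:[BROKER_USERLOGGEDIN] "User TESTDOM\tesuser1 has logged in":ClientIpAddress=10.20.30.40, Severity=AUDIT_SUCCESS
2014-01-24T11:41:07.902Z DEBUG (1144-1612) <TP-Processor5> [EventLogger] (SESSION:b1d9-***-02fe) Info_Event:[BROKER_USERLOGGEDIN] "User TESTDOM\tesuser2 has logged in":ClientIpAddress=198.51.100.23, Severity=AUDIT_SUCCESS
2014-01-24T11:41:09.115Z DEBUG (1144-1612) <TP-Processor5> [SomeOtherComponent] unrelated debug message
'''

# Assumption: "internal" means the logged source address is in an RFC 1918 range.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LOGIN_RE = re.compile(
    r'^(?P<timestamp>\S+)\s+DEBUG\b.*?'
    r'\(SESSION:(?P<session>[^)]*)\)\s+'
    r'Info_Event:\[BROKER_USERLOGGEDIN\]\s+'
    r'"User (?P<domain>[^\\"]+)\\(?P<user>[^\s"]+) has logged in":'
    r'(?P<attrs>.*)$'
)
ATTR_RE = re.compile(r'(\w+)=([^,\s]+)')  # key=value pairs after the message

def parse_logins(text):
    """Return one dict per BROKER_USERLOGGEDIN entry; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if not m:
            continue
        attrs = dict(ATTR_RE.findall(m.group('attrs')))
        try:
            ip = ip_address(attrs['ClientIpAddress'])
        except (KeyError, ValueError):
            ip = None  # attribute missing or not a valid address
        records.append({
            'timestamp': m.group('timestamp'),
            'session': m.group('session'),
            'domain': m.group('domain'),
            'user': m.group('user'),
            'client_ip': str(ip) if ip else None,
            'internal': any(ip in net for net in RFC1918) if ip else None,
            'severity': attrs.get('Severity'),
        })
    return records

if __name__ == '__main__':
    for rec in parse_logins(SAMPLE_LOG):
        print(rec)
```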
Thanks for the information Paul. I didn't know that 5.2 started putting that in the event database.
So... from the Connection Managers I enabled syslog output to a UNC share. We used our ArcSight server to collect those logs and sure enough, source IP info from Security Server connections is there along with internal connections. I appreciate the info, guys.
