A user complains vCenter is locking him out. He "turns off everything" but still the domain controller reports the vCenter IP for the lockout source (this is a 5.0 vCenter, I don't know if this changed later).
Checking vCenter the user doesn't have any processes (hey, it could be the case) but he does show up in the vCenter logs. Alas, I don't see an IP in the logs. I google why and I find these links:
The great William Lam offers awesome explanations (he is really awesome) on how to enable verbose logging and finding out everything about each session. In the first link, however, a simpler/much faster/no change required answer appears by user aorady (which wasn't labeled as the answer).
The vCenter event view always shows IP for failed logins in form of
"Cannot login domain\username@XXX.XXX.XXX.XXX"
So, if you just needed the IP, you are good to go. There's lots of ways to do things, but finding a fast and simple way can be a big help.
No disrespect to William - I bet his explanation will come handy for a much wider variety of cases, especially if the user is having several sessions and you just need to track one.