You should be able to do a:
debug aaa all
Look for:
RP/0/RSP0/CPU0:Nov 30 08:22:21.294 CST: exec[65934]: Looking host address in ________/________/vty/0/state/connection/host
RP/0/RSP0/CPU0:Nov 30 08:22:21.298 CST: exec[65934]: Looking host family in ________/________/vty/0/state/connection/family
RP/0/RSP0/CPU0:Nov 30 08:22:21.299 CST: exec[65934]: Got remote address 10.15.1.59 (length 10)
RP/0/RSP0/CPU0:Nov 30 08:22:21.299 CST: exec[65934]: Add remote addr attribute - 10.15.1.59 (length 10)
We had a secure crt client that had something messed up with a login script on this pc 10.15.1.59.