vCenter Recent Tasks being spammed with "Look up portgroup based on portgroup key" messages.

Article ID: 376573

Products

VMware vCenter Server

Issue/Introduction

The Recent Tasks pane in vCenter is being spammed with thousands of "Look up portgroup based on portgroup key" messages.

Environment

VMware vCenter Server

Cause

External programs can access vCenter through its API to gather information about the objects vCenter manages, including portgroups, hosts, and virtual switches.

These API calls use the GET method to request data from vCenter.

Resolution

The envoy-access logs contain a summary of the GET calls run against the vCenter, including the source and destination IPs.

To determine which IPs are issuing the largest number of GET commands, run these commands from the vCenter CLI:

cd /var/log/vmware/envoy

grep -h GET envoy-access*log | awk '{print $18}' | cut -d: -f1 | sort | uniq -c | sort -rn

To gather the source IP information and number of calls issued from older envoy-access logs, use:

zgrep -h GET envoy-access*gz | awk '{print $18}' | cut -d: -f1 | sort | uniq -c | sort -rn
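
The two commands above combined into a single pass over current and rotated logs, as an added example that is not part of the original article. The sample rows and the rotated file name are constructed; the only detail taken from the article is that field 18 holds the source as address:port. It goes slightly beyond the article's commands by stripping only the trailing port, so bracketed IPv6 sources are counted intact.

```shell
#!/bin/sh
# Added example, not VMware's code. Assumes (as the article's commands do) that
# whitespace-separated field 18 of each envoy-access line is source address:port.

# top_get_sources DIR [MIN]: print "count address", busiest first, for every
# source with at least MIN GET requests in DIR's current and rotated logs.
top_get_sources() {
    dir=$1
    min=${2:-1}
    for f in "$dir"/envoy-access*log "$dir"/envoy-access*gz; do
        [ -f "$f" ] || continue              # glob matched nothing
        case $f in
            *.gz) gzip -cd -- "$f" ;;        # rotated, compressed log
            *)    cat -- "$f" ;;             # current log
        esac
    done |
    grep -w GET |                            # GET as a whole word only
    awk -v min="$min" '
        NF >= 18 {
            src = $18
            sub(/:[0-9]+$/, "", src)         # drop only the trailing :port
            n[src]++
        }
        END { for (s in n) if (n[s] >= min) print n[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample data: placeholder columns c1..c19, NOT the real envoy
# format; only the method word and field 18 matter to the function above.
make_sample_logs() {
    row() { printf 'c1 c2 c3 %s c5 c6 c7 c8 c9 c10 c11 c12 c13 c14 c15 c16 c17 %s c19\n' "$1" "$2"; }
    { row GET 192.0.2.10:50001; row GET 192.0.2.10:50002
      row POST 192.0.2.10:50003; row GET 198.51.100.7:40000
      row GET '[2001:db8::5]:41000'; } > "$1/envoy-access.log"
    { row GET 192.0.2.10:50004; row GET 198.51.100.7:40001; } |
        gzip -c > "$1/envoy-access-1.log.gz"   # constructed rotated file name
}

demo=$(mktemp -d)
make_sample_logs "$demo"
top_get_sources "$demo" 2      # only sources with two or more GETs
rm -rf "$demo"
```

On a vCenter, call `top_get_sources /var/log/vmware/envoy` with an optional minimum count to hide low-volume sources.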

Additional Information

The above method can be used to determine which IPs are issuing GET calls against the vCenter, along with their frequency. This can help find the source of unexpected recent tasks when the source appears to be external to the vCenter and isn't identifiable by the username used to make the call.