The place that first comes to mind is the security log. It logs all logons, and when an RDP client connects and authenticates, an event is generated that includes the client's IP address. I use this log regularly to determine source IPs for RDP clients.
ShackDaddy