Our Kafka alarms are currently not offering any way of figuring out what clients (producers/consumers) are connected and what is their IP address.
In T172681 this would have been really useful to trace the faulty producer back to rhenium.wikimedia.org, rather than having to restart a broker with verbose logging.
Since we are introducing Kafka ACLs with the new Jumbo cluster we could simply tune the kafka-authorizer.log (I did it in labs when testing and it was quite handy).