PowerScale: Protocol Audit Logs Showing Wrong Client IP

Protocol Audit logs showing wrong client IP, audit events not showing correct client IP.
Operation from Windows(SMB), Network File System(NFS) shows the wrong client IP.
Example:

Deletion of file from Windows Client 10.226.14.14x
File Delete operation on - /ifs/logs/Logs_ESXi/test-l4-013170_BAK/test-13170-vmkwarning.6

Audit logs the IP shown is different - 10.228.234.19x

[1019: Fri Jun 9 08:32:51 2023] {"id":"bfd202ad-06c1-11ee-ad51-0060486e3a9c","timestamp":1686313971173038,"payloadType":"c411a642-c139-4c7a-be58-93680bc20b41","payload":{"protocol":"SMB2","zoneID":4,"zoneName":"xxx","eventType":"close","detailType":"close-file-unmodified","isDirectory":false,"clientIPAddr":"10.228.234.19x","fileName":\\ifs\\logs\\Logs_ESXi\\test-l4-013170_BAK\\test-13170-vmkwarning.6 ,"userSID":"S-1-22-1-0","userID":0,"bytesRead":0,"bytesWritten":0,"numberOfReads":0,"numberOfWrites":0,"ntStatus":0,"fsId":1,"partialPath":"Logs_ESXi\\test-l4-013170_BAK\\vmkwarning.1_040621","rootInode":4454154241,"inode":4457763462}}

After setting up and configuring audit settings, the configuration are not correctly refreshed and the events from zone do not forward as they should.

Made audit settings changes as below:
Changing the following setting as example (or other audited event):

# isi audit settings modify --remove-audit-success open_file
# isi audit settings modify --add-audit-success open_file

Change the list of events audited, then after change, change it back to the original list. Sometimes this can refresh the configuration and get the events from the zone to start sending correctly.

Similar issue as reported on 
Isilon: Non-System access zones configured for syslog forwarding of protocol audit events do not forward events as they should