Surely I'm not the ONLY person wanting to know the answer to this.
I am slowly inventorying all of our web maps, GIS applications, etc. that utilize our REST Services on our ArcGIS Servers. But we have civic hackers, local web developers, etc. that are using our services for various maps and/or mapping apps and I'm wondering if there isn't someway to discover or list out all applications that are consuming our REST Services?
I recommend using a free program called Fiddler which can log traffic to and from the server. Just install it on your ArcGIS Server machine, set it to capture traffic and you will have a log of all requests for your REST services, including where those requests are coming from.
One thing that is helpful is you can disable the REST Services directory. See the below link for more info:
We're City Government working with our Local Open Data group so disabling isn't something we're aiming at. We're running a webadaptor and working on setting up a private / internal webadaptor to obscure any REST Services we don't want used for public consumption. But thanks.