Ok, so I thought I'd just start throwing sensors inside of subnets to push things along a bit while I'm trying to figure this other situation out, so I installed the sensor on my PC as a test for my subnet.
I'm seeing the same spiking in CPU usage and receiving the same errors. The errors aren't nearly as large in number because I am in a small subnet, so I noticed a couple other notifications it was giving.
 INFO RSDSensor.ServerCom <> - The server returned HTTP status: 200
I've tried doing some searching on that, but I can't seem to find what that exactly means.
Ok so apparently the 200 status means communication was ok.
What does the sensor throttle message mean? Does anyone know?
We saw entries like this in the RSD_out.log on all of our Rogue Sensors:
02-13-10 22:06:03,828  WARN RSDSensor.ServerCom <> - The sensor throttle period has expired, sending the retry queue.
02-13-10 22:06:08,328  WARN RSDSensor.ServerCom <> -
SocketException: Failed to resolve remote hostname XXX.XXX.xxx.xxx
11004: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for.
HTTP POST failed, adding the request to the retry queue.
02-13-10 22:06:37,830  INFO RSDSensor.ServerCom <> - Queueing host detection message for later transmission, due to sensor throttle.
Turned out the issue was that our reverse lookup entry in the DNS had been deleted. After we fixed that, it was good.
I tried the command telnet xxx.xxx.10.99 8843 from my workstation to the ePO server and watched the HBSS firewall and saw it was accepting connections.
I also noticed no other 8443 connections were coming in. That's when I went to the RSD_out.log on a few of the RSDs we had and saw the above entry.
Added in the reverse lookup to DNS and all of our sensors are now reporting in successfully.
Now, why does it need the hostname when it has the IP????????
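
A triage helper for the RSD_out.log entries quoted in this thread, added here as an example; it is not part of any post above or of the vendor's tooling. It groups the multi-line SocketException entry under its timestamped header, counts each message type, and reports whether a name-resolution failure is still the most recent server outcome. The label names and the sample text are constructed for the example.

```python
import re
from collections import Counter

# Header shape taken from the RSD_out.log excerpts in the thread:
# "MM-DD-YY HH:MM:SS,mmm  LEVEL Logger <> - message"
HEADER = re.compile(r"^(\d\d-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\s+([A-Z]+)\s+(\S+)\s+<>\s+-\s?(.*)$")

# Message fragments quoted in the thread, mapped to short labels (labels are hypothetical).
SIGNATURES = {
    "dns_failure": re.compile(r"Failed to resolve remote hostname|\b11004:"),
    "post_failed": re.compile(r"HTTP POST failed"),
    "retry_flush": re.compile(r"throttle period has expired"),
    "queued": re.compile(r"Queueing host detection message"),
    "http_200": re.compile(r"HTTP status: 200"),
}

def parse_entries(text):
    """Group lines into entries; a line without a timestamp continues the previous entry."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"ts": m.group(1), "level": m.group(2), "msg": m.group(4)})
        elif entries and line.strip():
            entries[-1]["msg"] += "\n" + line.strip()
    return entries

def labels(entry):
    return [name for name, rx in SIGNATURES.items() if rx.search(entry["msg"])]

def summarize(text):
    """Count each signature and report whether a DNS failure is the latest server outcome."""
    counts, dns_unresolved = Counter(), False
    for entry in parse_entries(text):
        found = labels(entry)
        counts.update(found)
        if "dns_failure" in found:
            dns_unresolved = True
        elif "http_200" in found:
            dns_unresolved = False
    return counts, dns_unresolved

# Constructed sample: the entries quoted above, hostname masked as in the post.
SAMPLE = """\
02-13-10 22:06:03,828  WARN RSDSensor.ServerCom <> - The sensor throttle period has expired, sending the retry queue.
02-13-10 22:06:08,328  WARN RSDSensor.ServerCom <> -
SocketException: Failed to resolve remote hostname XXX.XXX.xxx.xxx
11004: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for.
HTTP POST failed, adding the request to the retry queue.
02-13-10 22:06:37,830  INFO RSDSensor.ServerCom <> - Queueing host detection message for later transmission, due to sensor throttle.
"""
```

Calling `summarize()` on the text of a sensor's log returns the counts and a flag; a flag that stays true across sensors points at DNS for the server rather than at the firewall or the port.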