Connector wrapper port usage

  • KM02704568
  • 17-Jan-2017
  • 17-Jan-2017

Summary

Connector JVM wrapper, developed by Tanuki Software, requires available port in order to start. Port 1777 has been assigned by ArcSight connector. If however that port is unavailable, such as by another connector on same device, then one from a range of ports between 31000 and 31999 will be used. In short if binding to port 1777 fails it will poll 1000 ports from the range until a binding can be performed.

Error

WrapperManager Error: Failed to connect to the Wrapper at port 1,777 by binding to any ports in the range 31,000 to 31,999.  Cause: java.net.BindException: Address already in use: JVM_Bind INFO   | jvm 1    | 2017/01/11 20:47:05 | WrapperManager Error: Exiting JVM...  
 

Cause

default Port 1777 has been assigned by ArcSight connector.
If however that port is unavailable, such as by another connector on same device, then one from a range of ports between 31000 and 31999 will be used.
In short if binding to port 1777 fails it will poll 1000 ports from the range until a binding can be performed
If those ports are made unavailable by the system OS then wrapper will fail to bind causing connector start failure.

Fix

1.  Make sure you have an open port which can be assigned to the instance of connector wrapper that needs it.

2.  Defaults are  
wrapper.port=1777
wrapper.port.min=31000
wrapper.port.max=31999

 

 

3.  agent.wrapper.conf can be modified to included modified properties (different from defaults above) if needed.
4.  It is recommended in multi connector devices to hardcode the wrapper port to not conflict for each connector.  This way the range of addresses will not be used leading to suggestion of "random ports" being used.
Therefore no surprises on random port scans for unexpected listening ports.