Enterprise license error still occure

afmin · February 21, 2020, 12:56pm

Daily traffic limit: 5.0GiB (allowed violations per 30 days: 5)
Requires remote checks: Yes (allowed consecutive check failures: 72)
License expiration warning: 30 days before

neither the articles in the topic Graylog 3.1 - Enterprise License Violation - #7 by jan nor in License Violation Issues - #32 by jan have helped.

[graylog]# curl -v https://api.graylog.com/releases/active

Host: api.graylog.com
Accept: */*

< HTTP/1.1 200 OK
< Server: Cowboy
< Connection: keep-alive
< Date: Fri, 21 Feb 2020 12:17:30 GMT
< Content-Type: application/json
< Vary: Accept-Encoding
< Content-Length: 213
< Via: 1.1 vegur
< 
* Connection #1 to host api.graylog.com left intact

server.log

> 2020-02-21T13:22:30.404+01:00 WARN  [LicenseChecker] License violation - Daily traffic limit of 5368709120 bytes has been violated more than 5 times in the last 30 days
> 2020-02-21T13:22:30.404+01:00 WARN  [LicenseChecker] License violation - Detected irregular traffic records

Outgoing Traffic:
Monday: 5.9GB
Tue: 4.9GB
Wen: 3.7GB
Thu: 3.6GB
Today: 1.9GB

Any ideas?

shoothub · February 21, 2020, 1:11pm

Did you read, maybe calculation is not proper:
https://docs.graylog.org/en/3.2/pages/enterprise/setup.html#license-verification

You can check actual output traffic using Rest API:

http://graylog.domain.com:9000/api/cluster/NODE_ID/metrics/namespace/org.graylog2.traffic.output

Or web interface:

System - Nodes - Metrics - org.graylog2.traffic.output

jan · February 21, 2020, 1:36pm

please send a screenshot of “System > Overview” that shows clearly the complete traffic graph.

afmin · February 21, 2020, 1:48pm

Hi @jan

afmin · February 21, 2020, 1:53pm

Hi @shoothub

for each graylog node:

{"total":1,"metrics":[{"full_name":"org.graylog2.traffic.output","metric":{"count":1495840221},"name":"output","type":"counter"}]}

{"total":1,"metrics":[{"full_name":"org.graylog2.traffic.output","metric":{"count":55660},"name":"output","type":"counter"}]}

{"total":1,"metrics":[{"full_name":"org.graylog2.traffic.output","metric":{"count":5736026008},"name":"output","type":"counter"}]}

afmin · February 24, 2020, 9:05am

Hi @jan

Should be working with this amount, right?

jan · February 24, 2020, 9:12am

he @afmin

the window is 30 days and you are allowed 5 time above 5GB. From the graph it is hard to tell where the 14th is … but I guess it has reached 5 on a point … You need to wait until you do not have 5 spikes in that window.

afmin · February 24, 2020, 9:27am

Hi @jan

Is there a command to check / monitor the calculated traffic with is responsible for the spikes?

jan · February 24, 2020, 10:33am

in 3.2 we have implement the meta field gl2_message_size that allows you do investigate in that.

Before you need to look from the message count and believe that the source send most messages is the root of that problem.

afmin · February 24, 2020, 9:11pm

He @jan

So there is not option to verify it with the 3.1 version or get to know more about the log from the graylog server itself?

jan · February 25, 2020, 8:59am

he @afmin

no I can think off …

system · March 10, 2020, 8:59am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
License violation problem Graylog Central (peer support)	4	1200	August 16, 2021
License violation message Graylog Central (peer support)	6	3556	July 23, 2018
Graylog 3.1 - Enterprise License Violation Graylog Central (peer support)	9	3514	November 27, 2019
Graylog Enterprise - License Violation Graylog Central (peer support)	3	484	December 16, 2019
License Violation Issues Graylog Central (peer support)	32	7821	March 26, 2018

Enterprise license error still occure

Related topics