Enterprise license error still occure

Daily traffic limit: 5.0GiB (allowed violations per 30 days: 5)
Requires remote checks: Yes (allowed consecutive check failures: 72)
License expiration warning: 30 days before

neither the articles in the topic Graylog 3.1 - Enterprise License Violation nor in License Violation Issues have helped.

[graylog]# curl -v https://api.graylog.com/releases/active

Host: api.graylog.com
Accept: */*

< HTTP/1.1 200 OK
< Server: Cowboy
< Connection: keep-alive
< Date: Fri, 21 Feb 2020 12:17:30 GMT
< Content-Type: application/json
< Vary: Accept-Encoding
< Content-Length: 213
< Via: 1.1 vegur
< 
* Connection #1 to host api.graylog.com left intact

server.log

> 2020-02-21T13:22:30.404+01:00 WARN  [LicenseChecker] License violation - Daily traffic limit of 5368709120 bytes has been violated more than 5 times in the last 30 days
> 2020-02-21T13:22:30.404+01:00 WARN  [LicenseChecker] License violation - Detected irregular traffic records

Outgoing Traffic:
Monday: 5.9GB
Tue: 4.9GB
Wen: 3.7GB
Thu: 3.6GB
Today: 1.9GB

Any ideas?

Did you read, maybe calculation is not proper:
https://docs.graylog.org/en/3.2/pages/enterprise/setup.html#license-verification

You can check actual output traffic using Rest API:

http://graylog.domain.com:9000/api/cluster/NODE_ID/metrics/namespace/org.graylog2.traffic.output

Or web interface:

System - Nodes - Metrics - org.graylog2.traffic.output

please send a screenshot of “System > Overview” that shows clearly the complete traffic graph.

Hi @jan

Hi @shoothub

for each graylog node:

{"total":1,"metrics":[{"full_name":"org.graylog2.traffic.output","metric":{"count":1495840221},"name":"output","type":"counter"}]}

{"total":1,"metrics":[{"full_name":"org.graylog2.traffic.output","metric":{"count":55660},"name":"output","type":"counter"}]}

{"total":1,"metrics":[{"full_name":"org.graylog2.traffic.output","metric":{"count":5736026008},"name":"output","type":"counter"}]}

Hi @jan

Should be working with this amount, right?

he @afmin

the window is 30 days and you are allowed 5 time above 5GB. From the graph it is hard to tell where the 14th is … but I guess it has reached 5 on a point … You need to wait until you do not have 5 spikes in that window.

1 Like

Hi @jan

Is there a command to check / monitor the calculated traffic with is responsible for the spikes?

in 3.2 we have implement the meta field gl2_message_size that allows you do investigate in that.

Before you need to look from the message count and believe that the source send most messages is the root of that problem.

He @jan

So there is not option to verify it with the 3.1 version or get to know more about the log from the graylog server itself?

he @afmin

no I can think off …

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.