Graylog 3.1 - Enterprise License Violation

I added a Free Enterprise Lic while my daily logs were over the 5 GB limit I was able to get the logs under 5 GB consistently every day since by filtering out the noise, but I am still getting the red banner on all screens Graylog Enterprise License Violation. Will the alert go away and subsequent features become active when the daily stays under 5 GB after a thirty day period?

he @asnook

that is right. if the sliding window does not contain the violation anymore the warning will disappear.


Great to hear (I have three days to see that or not see it as the case may be) that said will the subsequent features that are current disabled also, will they activate at that time?

subsequent features that are current disabled also, will they activate at that time?

in exactly that minute

2 days ago my daily output has gone under 5 GB for the 30 days. Checking to verify the server can connect to proved that it connects fine and has the correct version, but my server still has the same licence error
" Graylog Enterprise License Violation

At least one term of your Graylog Enterprise license has been violated. Go to the Licenses page for more information or contact your Graylog account manager."
Plus none of the enterprise add on functions have started either.

This is what the licence page says.

Details: Daily traffic limit: 5.0GiB (allowed violations per 30 days: 5)
Requires remote checks: Yes (allowed consecutive check failures: 72)
License expiration warning: 30 days before Violations detected

State: This cluster is not covered by the license.

The output from running curl -v -XGET is:

  • About to connect() to port 443 (#0)
  • Trying…
  • Connected to ( port 443 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • Server certificate:
  •   subject:
  •   start date: Oct 18 23:12:03 2019 GMT
  •   expire date: Jan 16 23:12:03 2020 GMT
  •   common name:
  •   issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US

GET /releases/active HTTP/1.1
User-Agent: curl/7.29.0
Accept: /

< HTTP/1.1 200 OK
< Server: Cowboy
< Connection: keep-alive
< Date: Tue, 12 Nov 2019 16:38:45 GMT
< Content-Type: application/json
< Vary: Accept-Encoding
< Content-Length: 215
< Via: 1.1 vegur

it looks like your cluster ID is not part of this license:

State: This cluster is not covered by the license.

That is the error if the cluster id of the license and the cluster id of the server is not the same.

So I guess I need to resubmit for the free lic. with hopefully the correct cluster ID. Which I thought I had.

All is good now. I requested a new licence with what I guess is the correct Cluster ID now and all functions are actively working thanks for your help.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.