Graylog License Check Violation >72

Hello All.

I had a violation about access to http://api.graylog.com:443
2020-06-02T22:04:11.061Z WARN [LicenseChecker] License violation - Failed to report license status to Graylog, Inc. - consecutive failures: 234, limit: 72
2020-06-02T22:04:11.062Z WARN [LicenseChecker] License violation - Detected irregular traffic records
2020-06-02T22:04:13.175Z WARN [LicenseReportPeriodical] License server response is invalid.

How can i reset this Violation?
Do i need another license?

Or just setup the internet/proxy access properly is more than enought?

Regards,
RNCF

he @RodrigoNCF

Did you restart your Graylog? Did you still have the same error?

Hello Jan.
Thanks for your prompt answer.

Yes, my friend, already restarted Gralog App, and the server as well.
And the error is still there.

Do you know if this violation message should disappear is my Graylog start to communicate with api.graylog.com for license check task?

he @RodrigoNCF

Do you know if this violation message should disappear is my Graylog start to communicate with api.graylog.com for license check task?

yes, once the communication is possible again the status will clear again.

Hello Jan.

The Proxy is set ok.
We can see that the transaction is allowed, and has return from api.graylog.com.

CURL test is OK (by Proxy):
“…
root@innolog3v0001:~#
root@innolog3v0001:~# curl https://api.graylog.com
You have reached the Graylog, Inc API. Please contact Graylog support for assistance or visit https://www.graylog.org/ to learn more.root@innolog3v0001:~#
root@innolog3v0001:~#
root@innolog3v0001:~#
…”

But access from Graylog App (okhttp/3.14.2) still have issue.
we still have the violation in the graylog App:
“…
2020-06-05T21:06:12.936Z ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2020-06-05T21:10:46.566Z WARN [LicenseChecker] License violation - Failed to report license status to Graylog, Inc. - consecutive failures: 246, limit: 72
2020-06-05T21:10:50.667Z WARN [LicenseReportPeriodical] License server response is invalid.
…”

Proxy961×430 52.7 KB

Any idea?
Should i request another license, or reset?

a new license will not change @RodrigoNCF that your Graylog is not able to communicate with the API.

is your proxy tampering the connection?

We have collected the pcap file from the transaction, and analyzed it.
It seems that the comunnication is complety and finish with sucess.

Is it possible for someone in Graylog side to to check the log?
Src: 118.185.21.42
Prx: 165.225.76.89
Dst: 34.192.84.136
Date: 09/jun/2020

ZScalerProxy_Graylog1103×562 63.9 KB

he @RodrigoNCF

we have a single hit 2020-06-09 18:13:57 +02:00 coming in for report.

Something in your Network might tamper the connections, but that is only a guessing.

Hey Jan. Thanks again for your answer.

We have removed Proxy from the flow/traffic.

Now, the Internal Graylog Srv is communicating direct to https://api.graylog.com .
But the Violation error is still there, not fixed.

We fixed the IP for api.graylog.com in /etc/host (for FW rule setup), and curl command receive ok the page result:
“…
root@innolog3v0001:~#
root@innolog3v0001:~# grep api /etc/hosts
18.214.66.67 api.graylog.com
root@innolog3v0001:~# host api.graylog.com
api.graylog.com has address 18.214.66.67
api.graylog.com is an alias for api.graylog.com.herokudns.com.
root@innolog3v0001:~#
root@innolog3v0001:~#
root@innolog3v0001:~#
root@innolog3v0001:~# curl https://api.graylog.com
You have reached the Graylog, Inc API. Please contact Graylog support for assistance or visit https://www.graylog.org/ to learn more.root@innolog3v0001:~#
root@innolog3v0001:~#
root@innolog3v0001:~#
root@innolog3v0001:~#
…”

Graylog Information:
“…
2020-06-18T19:06:05.571Z WARN [LicenseChecker] License violation - Failed to report license status to Graylog, Inc. - consecutive failures: 296, limit: 72
2020-06-18T19:06:05.572Z WARN [LicenseChecker] License violation - Detected irregular traffic records
2020-06-18T19:06:06.792Z ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2020-06-18T19:06:06.926Z INFO [Periodicals] Starting [org.graylog.plugins.license.LicenseManagerPeriodical] periodical in [0s], polling every [300s].
2020-06-18T19:06:06.933Z INFO [Periodicals] Starting [org.graylog.plugins.license.LicenseReportPeriodical] periodical in [300s], polling every [3600s].
2020-06-18T19:06:06.937Z ERROR [MongoAuditLogPeriodical] Not running cleanup for auditlog entries in MongoDB because there is no valid license.
2020-06-18T19:06:07.065Z WARN [LicenseChecker] License violation - Failed to report license status to Graylog, Inc. - consecutive failures: 296, limit: 72
2020-06-18T19:06:07.065Z WARN [LicenseChecker] License violation - Detected irregular traffic records
2020-06-18T19:06:30.743Z ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2020-06-18T19:06:35.478Z WARN [LicenseChecker] License violation - Failed to report license status to Graylog, Inc. - consecutive failures: 296, limit: 72
2020-06-18T19:06:35.478Z WARN [LicenseChecker] License violation - Detected irregular traffic records
2020-06-18T19:11:06.936Z WARN [LicenseChecker] License violation - Failed to report license status to Graylog, Inc. - consecutive failures: 296, limit: 72
2020-06-18T19:11:06.936Z WARN [LicenseChecker] License violation - Detected irregular traffic records
2020-06-18T19:11:09.423Z WARN [LicenseReportPeriodical] License server response is invalid.
…”

Graylog_Lic_Violation1415×492 52.9 KB

How Can i reset this lic violation now?
Network communication is fine.

I think this is telling. Here is an older post with this same error, and for them it was a time issue.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.