Good morning. I have recently installed the < 5Gb per day enterprise license, and I keep running into a problems. Currently I have a red banner at the top of the window that states “Graylog Enterprise License Violation” and when I go to the licensing page, the messages I see are “Daily traffic limit 5.0Gb” and “Remote checks have failed too many times”.
My heaviest day since setting up the appliance has been 1.7Gb, so I am no where near the 5.0Gb daily limit. The other issue about remote checks seems to be the problem. I have had a little bit of back and forth with a graylog employee that emailed me when I requested my enterprise license, and I was told that I need to be able to connect to api[.]graylog[.]com in order for the license checks to work correctly. Initially the appliance was having issues hitting that URL, but I got it resolved after adding DNS servers to the interfaces config file. This appeared to fix the problem because the red banner went away.
Yesterday, I come in to the office and the banner message is back. The weird thing now is that I can’t ping the api[.]graylog[.]com URL from anywhere. Not from the appliance, not from any other workstations on the corporate network, and not even from my home computer, which is on a completely separate network.
api[.]graylog[.]com resolves to “api[.]graylog[.]com[.]herokudns[.]com” and a small list of IP addresses. Trace routes to api[.]graylog[.]com and to a few of the IP address (54.243.65.67, 54.243.175.62) both show the traffic leaving my network, but then just a whole bunch of timeouts and no response.
Is anyone else seeing or dealing with similar issues? Has anyone seen this before? Does anyone have a magic bullet for me? Thank you.
Hi,
I think it’s ok that the Heroku loadbalancer are not pingable. Could you try a couple of times to access the api by hand from your Graylog server? For example with curl: curl -v api.graylog.com
Should show at least a 404 if the connection is working.
Thank you for the reply. It looks like this may have been a false alarm. It is just weird that the other day I was able to get a ping response from the api URL and then a few days later no dice. I think that I just need to wait for the license violation to clear out. Not sure exactly how long that takes, but I have a temporary trial license now. My red banner has been replaced by a blue one…
I’m experiencing the same issue, after installing the license a few days ago and with a workload that peaks at ~1 GiB a day.
Remote checks have failed too many times.
Requires remote checks: Yes (allowed consecutive check failures: 72)
License expiration warning: 30 days before
curl -v https://api.graylog.com gives 404 from the graylog-host.
I’m gonna demo our installation of Graylog for some colleagues & teamleader tomorrow, rather not having a big red warning while doing that.
Not sure what I should do next?
Edit; saw mccrollys answer now. So how would a temporary trial license affect a production environment, if you use auditing and archiving?
I’m still riding the trial license that I was provided. It is a little different that a typical trial license, it has everything enabled and remote checks are turned off, but it only lasts 30 days… so now I have a blue bar complaining about a trial license instead of the red bar… so I guess thats progress. The information that I was relayed was that the licenses recent themselves after a 30 day window. Which is kinda odd to me since the thing is checking in all the time, why not just fix it at next check-in, rather than wait a month??
I’m worried that when I issue a new enterprise license for myself that I’ll go back to having the big red warning message even though I’m not doing anything wrong or breaking any rules, but for now I have just decided to deal with that when it comes up.
I did have some initial connectivity problems (…DNS) that I’m almost positive caused my license to dip into the red, but I have resolved all of that and I spoke with support and confirmed that everything is working correctly. So I am assuming that I’ll be good after the 30 day cooldown, but I’m still a little hesitant.
Just tried to import a fresh license and apparently I’m still committing some sort of license violation. I can’t seem to get rid of this message. I was told that the licenses reset after 30 days, I believe that I am outside of that 30 day refresh, but immediately upon importing the new license I’m back to having the licensing violation notification.
Based on other comments, it doesn’t look like I am the only one with this mysterious license violation problem. Is there any fix for this? I have been dealing with this for a month now.
We quickly checked and the license service seems to be working as expected. From this side is hard to give you any other advise without more information, so please check you can reach the license service from your Graylog servers. If you find any errors or log messages that may contain more information on the issue we are happy to help.
What other logs or information can I get for you? Let me know and I’ll be more than happy to provide. I have been dealing with this issue for a month now, even involving support at one point, and it still hasn’t been resolved.
Also, there have been a few people that have jumped on this post with the same or similar issues, so it doesn’t seem that I am an isolated incident. I really want this to work and for this non-legitimate warning message to go away. I really want to roll this into production, but can’t do that if my licensing status could blow up on me at any moment.
Looking at the output for curl you kindly provided, it looks like you can connect to the license service from that machine, but you still didn’t say how many Graylog servers you are using or if you executed the command on the same machine Graylog is running. Please also ensure that works consistently and not only a single time, since the request you do from the command line and the one Graylog does may end up going to a different server.
I would start by providing information on your setup and also include any Graylog server logs that may be related to the license checks, specially any warnings or failures. You should also ensure your Graylog servers have the right date and time set, as that may also affect license checks.
You say “all of them” and while that seems all encompassing, it is a little vague. Do you mean every single file listed on that page under the Omnibus heading? All of the graylog, elasticsearch, and mongodb files? Or just the graylog logs? The /var/log/graylog/server/ folder has a bunch of files in it, do you want just the most recent one, or really all of them? Also, how can I get these two you? Do you guys have an upload site, can I send a sharefile/dropbox link?
