OpenStack

API Authentication Failure Spike Detection

critical
security

Updated Nov 5, 2025

Detect Keystone authentication issues or credential problems by monitoring 401/403 errors and token validation failures across OpenStack services.

How to detect:

Track HTTP 401 Unauthorized and 403 Forbidden responses across OpenStack API endpoints (Nova, Neutron, Glance, Cinder). Monitor Keystone token validation errors and authentication latency. Alert on sudden spikes in auth failures.

Recommended action:

Check Keystone service health and database connectivity. Verify token expiration policies aren't too aggressive. Investigate if specific users/projects are affected. Review for potential credential compromise or brute-force attempts.
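
The spike check described above, as an added example that is not part of the original page: it buckets 401/403 responses per minute, compares each minute to a baseline of earlier non-alerting minutes, and reports whether one identity dominates the failures. The record format (`timestamp service status user`), the thresholds, and the user names are constructed assumptions, not OpenStack's own log format.

```python
from collections import Counter, defaultdict
from datetime import datetime

AUTH_FAIL = {401, 403}

def parse(line):
    """Parse a constructed 'ISO-timestamp service status user' record."""
    ts, service, status, user = line.split()
    return datetime.fromisoformat(ts), service, int(status), user

def detect_spikes(lines, factor=3.0, min_failures=5, single_user_share=0.8):
    """Flag minutes whose 401/403 count exceeds factor x baseline and a floor."""
    per_minute = defaultdict(list)
    for line in lines:
        ts, service, status, user = parse(line)
        bucket = per_minute[ts.replace(second=0)]  # quiet minutes still count
        if status in AUTH_FAIL:
            bucket.append((service, user))
    alerts, history = [], []
    for minute in sorted(per_minute):
        fails = per_minute[minute]
        baseline = sum(history) / len(history) if history else 0.0
        if len(fails) >= min_failures and len(fails) > factor * max(baseline, 1.0):
            users = Counter(u for _, u in fails)
            top_user, top_count = users.most_common(1)[0]
            alerts.append({
                "minute": minute, "count": len(fails), "baseline": baseline,
                "services": Counter(s for s, _ in fails), "top_user": top_user,
                # One dominant identity: credential issue; wide spread: Keystone.
                "scope": "single-user" if top_count / len(fails) >= single_user_share else "broad",
            })
        else:
            history.append(len(fails))  # keep spikes out of the baseline
    return alerts

def sample_log():
    """Constructed records: five quiet minutes, then a burst on one account."""
    lines = []
    for m in range(5):
        lines += [f"2025-11-05T10:0{m}:05 nova 200 alice",
                  f"2025-11-05T10:0{m}:20 glance 200 bob",
                  f"2025-11-05T10:0{m}:40 neutron 401 bob"]
    for s in range(12):
        lines.append(f"2025-11-05T10:05:{s:02d} {('nova', 'cinder')[s % 2]} 401 svc-backup")
    lines.append("2025-11-05T10:05:30 nova 403 alice")
    return lines

if __name__ == "__main__":
    print(*detect_spikes(sample_log()), sep="\n")
```

Alerting minutes are excluded from the baseline so that a sustained burst does not raise its own threshold.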