Add alarm detecting too many failed auths
Change-Id: I74d2e2769395100545583caeb8a58012a2be85dc
diff --git a/keystone/meta/heka.yml b/keystone/meta/heka.yml
index 7bf794a..84ed391 100644
--- a/keystone/meta/heka.yml
+++ b/keystone/meta/heka.yml
@@ -96,6 +96,28 @@
window: 60
periods: 0
function: last
+ keystone_failed_authentications_too_high:
+ description: 'Too many failed authentications have been detected for Keystone'
+ severity: warning
+ no_data_policy: okay
+ logical_operator: and
+ rules:
+ - metric: authentications_percent
+ value: failed
+ relational_operator: '>'
+ threshold: 80
+ window: 120
+ periods: 0
+ function: avg
+ # The second condition is to avoid triggering the alarm when the volume
+ # of authentication requests is too low to be relevant
+ - metric: authentications_rate
+ value: all
+ relational_operator: '>'
+ threshold: 0.1
+ window: 120
+ periods: 0
+ function: avg
alarm:
keystone_public_api_check:
alerting: enabled
@@ -103,6 +125,12 @@
- keystone_public_api_check_failed
dimension:
service: keystone-public-api-check
+ keystone_failed_authentications:
+ alerting: enabled
+ triggers:
+ - keystone_failed_authentications_too_high
+ dimension:
+ service: keystone-failed-authentications
aggregator:
alarm_cluster:
keystone_response_time:
@@ -148,6 +176,16 @@
dimension:
service: keystone
nagios_host: 01-service-clusters
+ keystone_failed_authentications:
+ policy: highest_severity
+ alerting: enabled
+ match:
+ service: keystone-failed-authentications
+ members:
+ - keystone_failed_authentications
+ dimension:
+ service: keystone
+ nagios_host: 01-service-clusters
keystone:
policy: highest_severity
alerting: enabled_with_notification
@@ -158,6 +196,7 @@
- keystone_logs
- keystone_public_api_endpoint
- keystone_public_api_check
+ - keystone_failed_authentications
dimension:
cluster_name: keystone
nagios_host: 00-top-clusters