tutorial

SRE Monitoring with Vigilmon: Site Reliability Engineering Practices 2026

Site Reliability Engineering (SRE) is Google's formalized discipline for operating production systems at scale. The core SRE insight: reliability is a produc...

Site Reliability Engineering (SRE) is Google's formalized discipline for operating production systems at scale. The core SRE insight: reliability is a product feature, not an ops afterthought. Reliability has a cost — over-investing in it slows feature velocity, and under-investing creates incidents that destroy user trust.

Monitoring is where SRE principles become operational. Error budgets need data to track. SLOs need signals to evaluate. Incident response needs an alert to trigger on. The golden signals framework gives SREs a structured approach to what to measure. And for external-facing services, there's a monitoring layer that even the most sophisticated internal observability stack cannot replace: outside-in checks that confirm your service is actually reachable from where your users are.

This guide covers SRE monitoring principles, how they translate to practical monitoring choices, and where Vigilmon fits into an SRE monitoring stack as the external canary that internal tools can't replicate.

SRE Principles and Uptime Monitoring

The SRE model formalizes the relationship between reliability and development velocity. The key insight: every service has some acceptable level of unreliability, defined as the error budget. An SLO (Service Level Objective) of 99.9% availability means you have 8.7 hours of allowed downtime per year — the error budget. If your error budget is healthy, you can deploy features aggressively. If it's burning fast, you slow down until reliability recovers.

This changes how you think about monitoring. Monitoring isn't just "alert when something breaks." It's the data collection layer that feeds the SLO tracking system, the error budget dashboard, and the incident response process. Monitoring drives the reliability feedback loop.

Three monitoring properties matter most under the SRE model:

Correctness: Does your monitoring actually detect the failures that matter? An HTTP check that only validates a 200 status code from inside your data center won't detect a CDN misconfiguration that's serving 502 errors to users. If your monitoring doesn't see the failure, your SLO calculations are wrong and your error budget is a fiction.

Signal-to-noise ratio: False positives burn on-call engineer goodwill and cause alert fatigue. An SRE monitoring stack that pages too often — or pages on single-probe transient anomalies that self-resolve — trains the team to ignore alerts, defeating the system. Consensus alerting (requiring multiple independent probes to confirm a failure) directly addresses this.

Speed: How quickly does your monitoring detect and alert on a failure? For an SLO of 99.9%, every minute of undetected downtime consumes 0.07% of your monthly budget. At 1-minute check intervals with immediate alerting, you catch failures before they meaningfully dent most SLOs.

Error Budgets and SLO Tracking

An SLO (Service Level Objective) is an internal target for service reliability — typically expressed as a percentage availability or latency threshold over a rolling window. Common SLOs:

  • 99.9% HTTP availability (measured monthly: ~43.8 minutes of allowed downtime)
  • 99.5% availability (measured monthly: ~3.65 hours of allowed downtime)
  • p95 latency < 500ms for 99.5% of requests

An SLA (Service Level Agreement) is the external, contractual version — what you promise customers and what triggers penalties if breached. SLOs should be tighter than SLAs, creating a buffer between internal targets and contractual obligations.

The error budget is the gap between perfect and your SLO target. At 99.9% SLO, you have 0.1% error budget. Error budgets are typically measured over 30-day rolling windows.

How Vigilmon Supports SLO Tracking

Vigilmon tracks response history for every monitor — you can see at a glance whether a service was up or down over any time window. For SLO tracking:

  • Availability calculation: Vigilmon's uptime history shows the percentage of checks that succeeded over any period. This is the raw data for availability SLO tracking.
  • External perspective: Vigilmon's probes check from outside your infrastructure. This is the availability your users experience — which is the availability that matters for SLOs and SLAs.
  • Response time history: Vigilmon tracks response times over time, providing data points for latency-based SLOs.
  • Incident timestamps: When Vigilmon alerts, the alert timestamp is the incident start time for SLO calculations. When the monitor recovers, that's the incident end time. The window between them is the downtime that counts against your error budget.

The combination of external availability data + incident timing gives you the inputs to calculate error budget consumption rate and predict whether you'll breach your SLO within the current measurement window.

Toil Reduction Through Alert Automation

Toil is SRE terminology for repetitive, manual operational work that scales with system load and has no lasting value. Receiving, triaging, and manually tracking monitoring alerts is a major source of toil in operations teams.

Vigilmon's webhook integrations enable alert automation that reduces toil:

PagerDuty / OpsGenie integration: Route Vigilmon alerts directly to on-call rotation management platforms. The alert arrives already structured with the monitor name, failure type, and affected endpoint — no manual triage of an email or Slack message required. When the monitor recovers, send a resolve signal automatically.

Slack channel routing: Different monitors can route to different Slack channels. A production API going down routes to #prod-incidents. A staging environment's TCP check failure routes to #dev-monitoring. The routing happens automatically via webhook payloads.

Incident tracking integration: Webhook payloads can trigger incident creation in Linear, Jira, or GitHub Issues — a monitor failure automatically creates a tracked incident with the failure details pre-populated. The alert becomes a traceable work item without a human transcribing details from a Slack message.

Custom automation: Any webhook-capable system can receive Vigilmon alerts. Runbook automation, auto-scaling triggers, automatic deployment freezes, and health dashboard updates can all be triggered by Vigilmon's webhook payloads.

The goal is to make the path from "Vigilmon detects failure" to "the right person is notified and the incident is tracked" fully automated, with no manual steps consuming toil in the middle.

The Golden Signals: How Vigilmon Covers Availability

The four golden signals — latency, traffic, errors, and saturation — are the standard SRE framework for what to measure. Each signal covers a different failure mode.

Latency

Latency measures how long requests take to complete. High latency is often a leading indicator of failures to come — a service that's taking 10 seconds to respond is likely about to start failing outright.

What Vigilmon measures: Response time for every HTTP, TCP, and heartbeat check. Vigilmon tracks response time history and allows configuring alerts when response time exceeds a threshold. For an HTTP monitor, the response time includes DNS resolution, TCP connection establishment, TLS handshake, HTTP request, and first-byte response — the full client-perceived latency.

What Vigilmon doesn't cover: Per-request, distributed trace-level latency decomposition across microservices. For that dimension, you need distributed tracing (Jaeger, Tempo, Honeycomb). Vigilmon covers the end-to-end external latency signal.

Traffic

Traffic measures the volume of demand on your system — requests per second, transactions per minute, events per hour.

What Vigilmon measures: Vigilmon is a synthetic monitoring tool, not a passive traffic recorder. It doesn't measure actual user traffic volume. For traffic measurement, application metrics (Prometheus, Datadog) and access logs are the right signals.

Where Vigilmon overlaps: A complete availability outage shows up as a traffic drop in your application metrics — but your monitoring stack may not alert on traffic drops by default. Vigilmon's external checks detect the availability failure independently, without requiring traffic-based anomaly detection.

Errors

Errors measure the rate of failed requests — responses that are explicitly failures (HTTP 5xx, application error codes) or implicit failures (HTTP 200 with an error body, silent timeouts).

What Vigilmon measures: External error detection — HTTP status codes that indicate failure (5xx, 4xx where unexpected), TCP connection failures, response body mismatches against expected content, and SSL handshake failures. Vigilmon detects the errors your users experience.

The key advantage of external error detection: it catches errors that occur between your load balancer and your users — at the CDN layer, in DNS resolution, in network routing — that your application-level error rate metrics won't show (because those requests never reached your application).

What Vigilmon doesn't cover: Per-endpoint error rate decomposition, per-user-segment error rate analysis, or application-level error classification. For those dimensions, application metrics and structured logs are the right signals.

Saturation

Saturation measures how full your system is — CPU utilization, memory usage, disk fill rate, connection pool exhaustion, queue depth.

What Vigilmon measures: Vigilmon doesn't monitor internal resource saturation. For CPU, memory, disk, and queue metrics, infrastructure monitoring tools (Prometheus with node_exporter, cloud provider metrics, Datadog agent) are the right choice.

The saturation-availability link: Saturation often precedes availability failures — a filling connection pool eventually causes connection errors; a full disk eventually causes writes to fail; an overloaded CPU eventually causes response times to spike past thresholds. Vigilmon's latency and error detection catches the availability impact of saturation failures after they materialize. Saturation monitoring catches the leading indicators before they become availability failures.

Runbooks and Incident Response Integration

When Vigilmon fires an alert, you want the on-call engineer to have everything they need to respond — immediately, without hunting for context. Runbook integration addresses this.

Alert Payload Structure

Vigilmon webhook payloads include:

  • Monitor name (if named descriptively — "prod-api-v2", "stripe-payment-webhook")
  • Check type (HTTP, TCP, heartbeat)
  • Failure type (connection refused, timeout, wrong status code, body mismatch, SSL error)
  • Affected endpoint (URL or host:port)
  • Timestamp

A well-named monitor is itself a runbook pointer. "prod-checkout-api" failing with a TCP connection refusal tells the on-call engineer: the checkout service's TCP listener is down, not an application-layer error. They can jump directly to the right component.

Runbook Links in Alert Routing

When routing Vigilmon alerts through PagerDuty or OpsGenie, include a runbook link in the alert description. The runbook for "HTTP 5xx from prod-api" should cover:

  1. Check application logs for error traces
  2. Check recent deployments (was there a deploy in the last 30 minutes?)
  3. Check database connection pool status
  4. Check upstream dependencies (external APIs, message queue)
  5. Rollback procedure if a deploy is the root cause

The monitor name in the Vigilmon alert maps to the runbook — no translation required if names are consistent.

Incident Timeline

For post-incident reviews, Vigilmon's alert history provides the external detection timeline:

  • When did Vigilmon first detect the failure? (This is when users first experienced the issue, minus any brief transient period that consensus filtering absorbed)
  • When did the monitor recover? (Service restoration time)
  • How long was the gap? (Incident duration for SLO calculation and error budget consumption)

Cross-referencing the Vigilmon alert timestamp with deployment logs, application error rate spikes, and infrastructure metrics establishes the causal sequence for root cause analysis.

Vigilmon as the External SRE Canary

The most important framing for Vigilmon in an SRE stack: it's the external canary. Not the only monitoring tool, but the tool that sees what your users see, from where your users are.

Internal observability tools — Prometheus, Grafana, Jaeger, ELK — run inside your infrastructure. They see what your services do from the inside. When an internal check is green, it means your service is healthy from your network's perspective. That's necessary but not sufficient.

The failures that Vigilmon catches and internal tools miss:

CDN and edge failures: Your application server is healthy, your load balancer is responding, but the CDN in front of your service is serving stale error pages or timing out. Internal metrics show no problem. Vigilmon's external probes hit the CDN before reaching your origin and catch the failure.

DNS configuration errors: A DNS record pointing to a wrong IP or a misconfigured TTL causing stale records. Your internal services resolve DNS via an internal resolver and are unaffected. External users can't reach your service. Vigilmon's probes use external DNS resolvers and catch this.

SSL certificate trust chain issues: Your certificate is valid and your internal systems trust it. But you forgot to include the intermediate certificate in your server's chain, and some external clients fail the TLS handshake. Vigilmon's probes connect from outside your network with standard public CAs and catch this.

Routing failures specific to certain regions: Your service is available from three probe regions and unreachable from a fourth due to a BGP routing issue. Internal monitoring shows everything healthy. Vigilmon's multi-region probes detect the regional availability gap.

ISP or transit provider outages: An upstream network failure affects some users' ability to reach your service. Your infrastructure is unaffected. Only external monitoring can detect this from the affected network paths.

The SRE principle: "absence of evidence is not evidence of absence." A green internal dashboard doesn't mean your users are having a good experience. Vigilmon is the verification that they are.

Practical SRE Monitoring Stack with Vigilmon

The complete SRE monitoring stack for a typical web service:

Layer 1: External Availability (Vigilmon)

  • HTTP monitors for every customer-facing endpoint
  • TCP monitors for external-facing services (SMTP, custom protocols)
  • Heartbeat monitors for critical background jobs and scheduled tasks
  • SSL certificate monitors with expiry warnings
  • Response time tracking for latency SLO data

Alert routing: PagerDuty or OpsGenie, with runbook links. Severity: P1 for production endpoints.

Layer 2: Application Metrics (Prometheus / Hosted)

  • RED metrics (Rate, Errors, Duration) for every service
  • Error rate alerts for internal error detection (complements external error detection)
  • Latency histogram alerts (p99 > threshold)
  • Queue depth and saturation alerts

Alert routing: Same on-call rotation, but distinguish application-layer errors from availability failures in alert descriptions.

Layer 3: Infrastructure Metrics

  • CPU, memory, disk utilization
  • Database connection pool metrics
  • Cache hit rates
  • Network throughput

Alert routing: Less urgent than application metrics. Saturation alerts serve as leading indicators before availability impact.

Layer 4: Distributed Traces (When Needed)

  • Cross-service request tracing for microservices
  • Latency decomposition by service and query
  • Error context within traces

Not an alert source: Traces are for investigation, not alerting. Alerts come from metrics; traces explain the why after an alert fires.

SLO Dashboard

  • Availability calculation: Vigilmon uptime percentage (external availability SLO)
  • Error rate: Prometheus metrics (application-layer error rate SLO)
  • Latency: Prometheus histograms (p95/p99 latency SLO)
  • Error budget remaining: current month's budget minus consumed

Setting Up Vigilmon for SRE Monitoring

Step 1: Define your monitors around your SLO boundaries

Every endpoint that has an SLO gets a monitor. If your SLA covers the checkout flow, the checkout API endpoint gets a Vigilmon HTTP monitor. If background job completion is SLO-tracked, the job's heartbeat gets a monitor.

Step 2: Name monitors for operational clarity

Monitor names appear in alert payloads. prod-checkout-api-v2 is more actionable than api-check-1. Name monitors after what they protect, not how they work.

Step 3: Configure response validation beyond status codes

For critical endpoints, configure response body validation — a keyword that should appear in a successful response. A load balancer returning a 200 with a maintenance page body looks healthy to a status-code-only check. Body validation catches this.

Step 4: Set check intervals to match SLO granularity

At 99.9% monthly availability, each minute of undetected downtime costs 0.07% of budget. 1-minute check intervals provide fast detection. For less critical services or environments with lower SLOs, 5-minute intervals may be sufficient.

Step 5: Integrate with your incident management platform

Configure Vigilmon webhook notifications to route to PagerDuty, OpsGenie, Slack, or any incident management tool. Automate the path from alert to incident creation to runbook reference.

Step 6: Review error budget consumption monthly

Vigilmon's uptime history for the past 30 days maps directly to your external availability error budget. Compare against your SLO target. If you're burning budget faster than expected, the incident history in Vigilmon's alert log shows exactly which incidents consumed it.

Summary

SRE monitoring in 2026 is not a single tool problem. The SRE monitoring stack has layers — internal observability tools for application and infrastructure visibility, and external uptime monitoring for the availability signal that internal tools can't produce.

Vigilmon serves a specific and non-substitutable role in this stack: the external canary that validates service reachability from the internet. It feeds SLO tracking with availability data that reflects what users actually experience. It catches failure modes — CDN failures, DNS errors, SSL trust chain issues, regional routing problems — that internal monitoring never sees. And it reduces toil through webhook automation that routes alerts directly to on-call systems without human intervention.

The SRE principle is simple: you can't improve what you don't measure. Measuring external availability requires external checks. Vigilmon is how you close that gap.

Try Vigilmon free at vigilmon.online — multi-region consensus alerting, response time history, webhook integrations for PagerDuty and Slack, and a permanent free tier with no credit card required.

Tags: #sre #sitereliability #monitoring #slo #errorbadget #goldenssignals #vigilmon #uptime #devops #oncall #2026

Monitor your app with Vigilmon

Free plan — 5 monitors, no credit card required. Up and running in 60 seconds.

Start free →
← Back to all articles