Benefits of CSM

Unanswered Question
Aug 17th, 2009


Is it correct that CSM is more of a policy/configruation deployment facility rather than monitoring one.

Features such as network, bandwidth, device/health status monitoring are not available on Cisco Securit Manager. Is it correct.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Jeroen Tebbens Mon, 08/17/2009 - 06:06

Correct. CSM is more policy related for deploying rules on security devices.

CWLMS is more monitoring and configuration of the device itself (less policy based).

CSM has some monitoring options in the Performance Monitor module you can install next to CSM. It allows to monitor VPN tunnels (throughput, up/down alerting etc).

Hope this answers your question.

Jeroen Tebbens

tech_trac Mon, 08/17/2009 - 09:25

Does the 'Performance Monitor' in CSM provide archiving facility for the network/bandwidth usage & statistics.


Lucien Avramov Mon, 08/17/2009 - 09:37

Performance monitor can help you to monitor VPM tunnels as mentioned earlier or Firewalls.

Here is a guide that covers Performance monitor:

Also the docs for CSM:

IDS uses mainly syslog messages to communicate. You could log the IDS messages on a syslog server for example. MARS is a product that is used to monitor the IDS.

Out of curiosity, why do you need to monitor bw of the IDS? It's just a L2 device that lets traffic to flow.

tech_trac Mon, 08/17/2009 - 09:51

hi lavramov,

I am not sure why is IDS being refered to here. I have not mentioned IDS at all throughout this post.

My query was that is there any archiving facility in CSM Performance Monitor for the network bandwidth usage/statistics. In other words, is it possible to retrieve a month old network utilization statistics/report from the performance monitor in CSM i.e. for ASA, FWSM etc.


tech_trac Mon, 08/17/2009 - 23:11

Ok. It is supported by Performance Monitor as mentioned in Ch 10 of the Performance Monitor User Guide.

I purchased a permanent license for CSM. The Performance Monitor Software is included in the DVD. How do I obtain the license for Performance Monitor.


Lucien Avramov Mon, 08/17/2009 - 23:28

Cisco Security Manager includes 3 applications which require licensing: Security Manager itself, Performance Monitor, and Resource Manager Essentials (RME).

The Security Manager license files are managed through the Security Manager client application: Tools > Security Manager Administration >Licensing.

Performance Monitor and RME license files are managed using the CiscoWorks Common Services browser inteface. After logging in to the browser interface click the CiscoWorks link in the upper right. Then navigate: Common Services > Server > Admin > Licensing.

In the case of Security Manager 3.0.x, the RME and Performance Monitor license files are included on the product DVD under the "license_files" directory: mcpULperm.lic and RME.lic.

In the case of Security Manager 3.1.x, the RME and Performance Monitor license file is delivered using the same PAK registration method as done with the Security Manager license. The Security Manager 3.1.x includes a separate PAK specifically for RME and Performance Monitor.

tech_trac Tue, 08/18/2009 - 00:22

We had purchased CSM 3.2 with media kit.

In the box, we only received the PAK for CSM and not for Performance Monitor.

I could find .lic file on the DVD, i.e. under mcp3_2_1/eval/ which is an evaluation license.

Are we eligible for Performance Monitor permanent license due to the purchase of CSM only. What is the process to obtain PM license for CSM 3.2.



This Discussion