Ad-Hoc Commands

Run commands on network devices with audit logging and role-based access

Overview

The Ad-Hoc Commands module lets authorized users execute pre-approved commands on one or more network devices simultaneously - without requiring direct CLI access. Every execution is logged with the user, timestamp, device, and output, creating a full audit trail.

Tip: Ad-hoc commands are read-only by default. Write/config commands require the Engineer or Admin role and must be added to the approved library first.

Selecting and Running Commands

Step-by-step

  1. Navigate to Ad-Hoc Commands from the left sidebar. You will see two panels: device selector on the left, command selector on the right.
  2. Select target devices. Use the search bar or filter by site, type, or group. Check individual devices or use Select All in Group for batch execution.
  3. Choose a command from the approved library dropdown. Commands are grouped by category (Show, Debug, Configuration).
  4. Fill in any parameters. Some commands (e.g. show interface [interface]) have dynamic fields. Enter the values before running.
  5. Click Run. A progress indicator shows per-device status. Results appear in a tabbed output panel - one tab per device.
  6. Export results using the Export button (CSV or plain text) for documentation or incident tracking.

Note: Executing a command on more than 50 devices at once will trigger a confirmation prompt. Large batches run in parallel but may take longer depending on your jump server capacity.

Managing the Command Library (Admin)

Admins control which commands appear in the library and what roles can run them.

Adding a new command

  1. Go to Admin Panel → Command Library.
  2. Click Add Command.
  3. Enter a display name, the raw command string, category, and allowed roles.
  4. Use {variable} syntax for dynamic parameters (e.g. show interface {interface}).
  5. Save and the command immediately appears for eligible users.

Command string syntax

  show ip route
  show interface {interface}
  show vlan id {vlan_id}
  debug ip ospf events
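
Because {variable} values are typed by the user and end up inside a command string sent to a device, each value should be checked before substitution. The following is an added example, not the product's own code: it models a library entry with the fields listed above and renders a template only if the role is allowed and every parameter matches a strict pattern. The class and function names, the validation patterns, and the sample role assignments are assumptions.

```python
import re
from dataclasses import dataclass

# Library entry with the fields the page lists: name, command string, category, roles.
@dataclass(frozen=True)
class LibraryCommand:
    name: str
    template: str
    category: str
    allowed_roles: frozenset

PLACEHOLDER = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")
# Assumed per-parameter patterns (not from the product). Unknown parameters
# fall back to DEFAULT_PATTERN, which forbids spaces, pipes and newlines.
PARAM_PATTERNS = {
    "interface": re.compile(r"[A-Za-z][A-Za-z-]*[0-9]+(?:/[0-9]+)*(?:\.[0-9]+)?"),
    "vlan_id": re.compile(r"[0-9]{1,4}"),
}
DEFAULT_PATTERN = re.compile(r"[A-Za-z0-9_./:-]{1,64}")

class CommandRejected(ValueError):
    """Raised when the role, parameter set or a parameter value is not acceptable."""

def render(cmd, role, params):
    """Return the exact command string to send, or raise CommandRejected."""
    if role not in cmd.allowed_roles:
        raise CommandRejected(f"role {role!r} may not run {cmd.name!r}")
    needed = PLACEHOLDER.findall(cmd.template)
    if set(params) != set(needed):
        raise CommandRejected(f"expected parameters {needed}, got {sorted(params)}")
    for key, value in params.items():
        if not PARAM_PATTERNS.get(key, DEFAULT_PATTERN).fullmatch(value):
            raise CommandRejected(f"bad value for {key}: {value!r}")
    if "vlan_id" in params and not 1 <= int(params["vlan_id"]) <= 4094:
        raise CommandRejected("vlan_id out of range")
    # Single-pass substitution: inserted values are never re-scanned for placeholders.
    return PLACEHOLDER.sub(lambda m: params[m.group(1)], cmd.template)

# Constructed sample entries; the role assignments are illustrative only.
SHOW_IF = LibraryCommand("Show interface", "show interface {interface}", "Show",
                         frozenset({"Read-Only", "Engineer", "Admin"}))
SHOW_VLAN = LibraryCommand("Show VLAN", "show vlan id {vlan_id}", "Show",
                           frozenset({"Read-Only", "Engineer", "Admin"}))
DEBUG_OSPF = LibraryCommand("Debug OSPF events", "debug ip ospf events", "Debug",
                            frozenset({"Engineer", "Admin"}))
```

Logging the rendered string together with the rejected attempts gives the audit trail both the command that ran and the input that was refused.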

Editing or disabling a command

Click the pencil icon next to any command to edit it. Toggle the Active switch to hide it from users without deleting the history associated with it.

Viewing Command History

All executed commands are stored in the activity log and accessible from two places:

  • My History - available to all users, shows their own executions with full output.
  • Admin Panel → Activity Log - shows all users' executions, filterable by user, device, date range, and command.

Filters available

  • Date range picker
  • Device name or IP
  • Username
  • Command category
  • Success / failure status

Tip: History is retained for 90 days by default. Admins can adjust the retention period in System Settings → Logging.

Permissions & Roles

Role        Run Show Commands   Run Config Commands   Manage Library
Read-Only   Yes                 No                    No
Engineer    Yes                 Yes                   No
Admin       Yes                 Yes                   Yes

Troubleshooting

Command times out

The default per-device timeout is 30 seconds. For commands that generate large output (e.g. full routing tables), increase the timeout in System Settings → SSH Timeout.

Device shows "Connection Failed"

Check that the jump server has SSH connectivity to the device. Use the Connectivity Test button in Device Management to verify the path.

Command not appearing in the dropdown

Your role may not have permission to run that command. Contact your admin to review the command's allowed roles in the Command Library.