( subtype eq vpn ) and ( severity eq critical )

( eventid eq path-monitor-failure ) and ( object eq default ) and ( description contains 'Path monitoring failed for static route destination 10.0.0.0/8 with next hop 0.0.0.0. Route removed.' )

( eventid eq path-monitor-recovery ) and ( object eq default ) and ( description contains 'Path monitoring for static route destination 10.0.0.0/8  with next hop 0.0.0.0 recovered. Route restored.' )

( subtype eq vpn ) and ( severity eq high )

( eventid eq routed-BGP-peer-left-established ) and ( object eq name-of-vr ) and ( description contains 'BGP peer session left established state.peer name: name-of-peer, peer IP: 169.254.42.5.' ) [PAN-OS 9.0]
<code>( eventid eq routed-BGP-peer-left-established ) and ( object eq name-of-vr ) and ( description contains 'BGP peer session left established state. peer IP: 10.8.8.4.' ) [PAN-OS 8.1]
<code>( eventid eq routed-OSPF-neighbor-down ) and ( object eq name-of-vr ) and ( description contains 'OSPF adjacency with neighbor has gone down. interface ae1.3013, neighbor router ID 10.0.0.4, neighbor IP address 172.23.68.195.' )

( subtype eq vpn ) and ( severity eq low )

( eventid eq routed-BGP-peer-failed ) and ( object eq name-of-vr ) and ( description contains 'BGP peer session has failed and may restart. peer name: name-of-peer. peer IP: 169.254.250.20.' )

( eventid eq routed-BGP-peer-restarted ) and ( object eq name-of-vr ) and ( description contains 'Initiated graceful-restart with a BGP peer. peer name: name-of-peer. peer IP: 9.9.9.9.' )

( eventid eq routed-BGP-peer-restart-failed ) and ( object eq name-of-vr ) and ( description contains 'Graceful-restart with a BGP peer failed. peer name: name-of-peer. peer IP: 169.254.250.20, AFI/SAFI: 1/1.' )

( eventid eq routed-config-p1-failed ) and ( description contains 'Route daemon configuration load phase-1 failed.' )

( subtype eq vpn ) and ( severity eq informational )

( eventid eq routed-fib-sync-self-master ) and ( description contains 'FIB HA sync started when local device becomes master.' )

( eventid eq routed-config-p1-success ) and ( description contains 'Route daemon configuration load phase-1 succeeded.' )

( eventid eq routed-config-p2-success ) and ( description contains 'Route daemon configuration load phase-2 succeeded.' )

( eventid eq routed-BGP-peer-enter-established ) and ( object eq name-of-vr ) and ( description contains 'BGP peer session enters established state. peer name: BACKUP_US_PALO, peer IP: 169.254.250.40.' )

( eventid eq routed-BGP-refresh-sent ) and ( object eq name-of-vr ) and ( description contains 'ROUTE REFRESH message sent to a BGP peer. peer name: peer-eu-vpc-security-t1, peer IP: 169.254.201.69, AFI/SAFI: 1/1.' )

( eventid eq routed-daemon-init ) and ( description contains 'Route daemon is initializing.' )

( eventid eq routed-daemon-start ) and ( description contains 'Route daemon is ready.' )

( eventid eq routed-config-p1-success ) and ( description contains 'Route daemon configuration load phase-1 succeeded.' )

( eventid eq routed-config-p2-success ) and ( description contains 'Route daemon configuration load phase-2 succeeded.' )

( eventid eq routed-config-p1-abort ) and ( description contains 'Route daemon configuration load phase-1 aborted.' )

( eventid eq routed-BGP-peer-enter-established ) and ( object eq name-of-vr ) and ( description contains 'BGP peer session enters established state. peer IP: 10.8.8.3.' )

( eventid eq routed-fib-sync-self-master ) and ( description contains 'FIB HA sync started when local device becomes master.' )

( eventid eq routed-OSPF-neighbor-2dir ) and ( object eq name-of-vr ) and ( description contains 'OSPF two-way communication established with neighbor. interface ae2.3023, neighbor router ID 10.8.8.10, neighbor IP address 10.23.68.197.' )

( eventid eq routed-OSPF-neighbor-full ) and ( object eq name-of-vr ) and ( description contains 'OSPF full adjacency established with neighbor. interface ae2.2023, neighbor router ID 10.8.8.1, neighbor IP address 10.23.64.196.' )

( eventid eq routed-BGP-peer-mp-extension-negotiate ) and ( object eq name-of-vr ) and ( description contains 'BGP peer MP extension negotiation. MP-EXTENSION negotiation to peer 10.8.8.3 successful, AFI/SAFI 1/1' )

( eventid eq routed-BGP-peer-mp-extension-negotiate ) and ( object eq name-of-vr ) and ( description contains 'BGP peer MP extension negotiation. MP-EXTENSION negotiation to peer name: name-of-peer, peer IP: 169.254.250.40 successful, AFI/SAFI 1/1' )