How to get an email when a specific service/driver starts or stops?

The easiest way to get notified in real-time whenever specific service/driver starts or stops is by forwarding “EventSentry” event 10100 or 10150. This particular event is logged by EventSentry when a service or drivers status changes.

Service monitor is a feature that is enabled by default in EventSentry under "System Health ->Services" and will monitor all automatic services/drivers except for those listed. If this package isn't assigned or doesn't exist, then these events will not be created.

1. Open the management console and either find an existing event log package to add this new filter rule to, or create a new event log package.
2. Make sure the package is assigned correctly or set it global if the filter rule should apply to all the hosts in your network.
3. Create a new event log filter that matches the following properties: Event Log: Application Severity: Information Source: EventSentry Category: Service Monitoring Event ID: 10100,10150 Content Filter: *Service Name*
4. Assign an action to the event log filter.