Great, all I have to do is get it to work, today I was waiting in ambush for the rootkit scan to start so I could pin down when it actually starts, e.g. what delay after the desktop. after a period of time I checked the aswAr.log and it still had the details from yesterdays scan.
So I don't know what happened why the log wasn't updated as a0 my VPS would have been 080514-0 but that would just means it wouldn't have had the footer information, but it should have been updated.
So two <off-topic ish> questions.
1. What is the delay before the rootkit scan on 4.8.1195 as this has cropped up in a couple of topics and we the users don't know for sure but it seems like 5 minutes as best as I can determine ?
2. How can we determine if the rootkit scan has taken place ?
e.g. if the log hasn't been updated it could be a failure of the logging or the rootkit scan didn't run.
</off-topic>