ENH: filter.d/sogo-auth - anchor regex at start

ChangeLog

@@ -79,6 +79,7 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
    * filter.d/pam-generic - added syslog prefix. Disabled support for
      linux-pam before version 0.99.2.0 (2005)
    * filter.d/gssftpd - anchored regex at start
+   * filter.d/sogo-auth - anchor regex at start
    * filter.d/mysqld-auth.conf - mysql can use syslog
    * fail2ban-regex - now generates http://www.debuggex.com urls for debugging
 	 	 regular expressions with the -D parameter.

config/filter.d/sogo-auth.conf

@@ -11,7 +11,7 @@
 # Note: the error log may contain multiple hosts, whereas the first one 
 # is the client and all others are poxys. We match the first one, only
 
-failregex = Login from '<HOST>' for user '.*' might not have worked( - password policy: \d*  grace: -?\d*  expire: -?\d*  bound: -?\d*)?\s*$
+failregex = ^ sogod \[\d+\]: SOGoRootPage Login from '<HOST>' for user '.*' might not have worked( - password policy: \d*  grace: -?\d*  expire: -?\d*  bound: -?\d*)?\s*$
 
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.