diff --git a/ChangeLog b/ChangeLog
index 46b12528..5ca68994 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -79,6 +79,7 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
 * filter.d/pam-generic - added syslog prefix. Disabled support for linux-pam before version 0.99.2.0 (2005)
 * filter.d/gssftpd - anchored regex at start
+ * filter.d/sogo-auth - anchor regex at start
 * filter.d/mysqld-auth.conf - mysql can use syslog
 * fail2ban-regex - now generates http://www.debuggex.com urls for debugging regular expressions with the -D parameter.
diff --git a/config/filter.d/sogo-auth.conf b/config/filter.d/sogo-auth.conf
index 3e238419..41e5bf46 100644
--- a/config/filter.d/sogo-auth.conf
+++ b/config/filter.d/sogo-auth.conf
@@ -11,7 +11,7 @@
 # Note: the error log may contain multiple hosts, whereas the first one
 # is the client and all others are poxys. We match the first one, only
-failregex = Login from '' for user '.*' might not have worked( - password policy: \d* grace: -?\d* expire: -?\d* bound: -?\d*)?\s*$
+failregex = ^ sogod \[\d+\]: SOGoRootPage Login from '' for user '.*' might not have worked( - password policy: \d* grace: -?\d* expire: -?\d* bound: -?\d*)?\s*$
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
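Review bot: The new anchor `^ sogod \[\d+\]: SOGoRootPage` in `failregex` pins one exact line prefix, so a failed login logged with anything else in front (a syslog hostname, a different spacing after the timestamp, or a component other than SOGoRootPage) would silently stop matching and the client would never be banned. Anchoring is the right direction, since the user field `'.*'` is attacker-supplied and an unanchored pattern lets that text influence where the match starts, but the expected format should be written down next to the pattern, for example `# Expects: <timestamp> sogod [PID]: SOGoRootPage Login from '<client>' for user '<name>' might not have worked ...`. This diff touches only the ChangeLog and the filter, so it would help to add a sample log line to the filter's test cases to prove the anchored pattern still matches real output. The host group appears as `''` on this page, presumably the `<HOST>` tag lost in rendering, so the note assumes it is unchanged between the old and new lines.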