Why is this line included in the `logcheck` report email?
In addition to the Debian provided rulesets, I have added a file
/etc/logcheck/ignore.d.workstation/wpasupplicant.local (owner
root:logcheck, mode 0644) to my newly installed logcheck setup. I have
confirmed that REPORTLEVEL is set to "workstation" in
/etc/logcheck/logcheck.conf. The content of wpasupplicant.local is the
single line:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_supplicant\[[[:digit:]]+\]: wlan0: WPA: Group rekeying completed with XX:XX:XX:XX:XX:XX \[GTK=CCMP\]$
where XX:XX:XX:XX:XX:XX is the lowercase-hex MAC address of my WiFi
AP/gateway.
However, I'm still receiving email reports hourly (every time logcheck
executes) which include the following (the time varies; I have set up
rekeying to be done at fairly short intervals):
Aug 11 20:06:51 yeono wpa_supplicant[2524]: wlan0: WPA: Group rekeying completed with XX:XX:XX:XX:XX:XX [GTK=CCMP]
Again, XX:XX:XX:XX:XX:XX is the lowercase-hex MAC address I'm connecting
to. I have double-checked that the MAC addresses shown are the same in
both.
If I do grep -E --color "$(cat wpasupplicant.local)" - and then paste the
log line copied directly from the log email into grep's stdin, it
indicates a full match (the entire line is echoed back at me, colored
red).
Since the data does match something in the proper ignore directory, I
would expect that line to not be included in the e-mail report. I have
checked /etc/logcheck/violations.d and /etc/logcheck/cracking.d and
neither seems to contain anything relevant (grep -i WPA * in those two
directories turns up empty).
What might be the reason why the "rekeying completed" line is included in
the logcheck report e-mail?