From 53284a71738221a8d0bc9606aceecdc9e69f76d5 Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Fri, 30 Nov 2018 13:13:55 +0000
Subject: [PATCH] Bro - Switch logs to JSON format

---
 salt/bro/files/local.bro           | 3 ++-
 salt/bro/files/local.bro.community | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/salt/bro/files/local.bro b/salt/bro/files/local.bro
index dbad5cf61..fc5e18517 100644
--- a/salt/bro/files/local.bro
+++ b/salt/bro/files/local.bro
@@ -141,4 +141,5 @@
 #@load custom/somebropolicy.bro
 
 # Write logs in JSON
-#redef LogAscii::use_json = T;
+redef LogAscii::use_json = T;
+redef LogAscii::json_timestamps = JSON::TS_ISO8601;
diff --git a/salt/bro/files/local.bro.community b/salt/bro/files/local.bro.community
index 58d079552..2ae12d7f2 100644
--- a/salt/bro/files/local.bro.community
+++ b/salt/bro/files/local.bro.community
@@ -129,4 +129,5 @@
 #@load custom/somebropolicy.bro
 
 # Use JSON
-#redef LogAscii::use_json = T;
+redef LogAscii::use_json = T;
+redef LogAscii::json_timestamps = JSON::TS_ISO8601;