diff --git a/CHANGES b/CHANGES
index db7f45af87..e51c5bf8c5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
 
+2.6-beta2-29 | 2018-10-12 21:30:19 +0000
+
+  * GH-186: fix JSON formatting of timestamps before Unix epoch (Jon Siwek, Corelight)
+
 2.6-beta2-28 | 2018-10-12 12:48:33 -0400
 
   * Fix test baseline for plugin skeleton update (Jon Siwek, Corelight)
diff --git a/VERSION b/VERSION
index bd308201cf..7636e7dcb0 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.6-beta2-28
+2.6-beta2-29
diff --git a/src/threading/formatters/JSON.cc b/src/threading/formatters/JSON.cc
index 1b0f20d16f..f495a76b62 100644
--- a/src/threading/formatters/JSON.cc
+++ b/src/threading/formatters/JSON.cc
@@ -116,7 +116,7 @@ bool JSON::Describe(ODesc* desc, Value* val, const string& name) const
 				{
 				char buffer[40];
 				char buffer2[40];
-				time_t the_time = time_t(val->val.double_val);
+				time_t the_time = time_t(floor(val->val.double_val));
 				struct tm t;
 
 				desc->AddRaw("\"", 1);
@@ -133,7 +133,11 @@ bool JSON::Describe(ODesc* desc, Value* val, const string& name) const
 					{
 					double integ;
 					double frac = modf(val->val.double_val, &integ);
-					snprintf(buffer2, sizeof(buffer2), "%s.%06.0fZ", buffer, frac * 1000000);
+
+					if ( frac < 0 )
+						frac += 1;
+
+					snprintf(buffer2, sizeof(buffer2), "%s.%06.0fZ", buffer, fabs(frac) * 1000000);
 					desc->Add(buffer2);
 					}
 
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json-iso-timestamps/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json-iso-timestamps/ssh.log
index 5673a0605a..236a0f7503 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json-iso-timestamps/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json-iso-timestamps/ssh.log
@@ -1,2 +1,10 @@
 {"t":"2008-07-09T16:13:30.005432Z"}
 {"t":"1986-12-01T01:01:01.900000Z"}
+{"t":"1969-12-31T23:59:59.600000Z"}
+{"t":"1969-12-31T23:59:59.500000Z"}
+{"t":"1969-12-31T23:59:59.400000Z"}
+{"t":"1969-12-31T23:59:59.000000Z"}
+{"t":"1969-12-31T23:59:58.600000Z"}
+{"t":"1969-12-31T23:59:58.500000Z"}
+{"t":"1969-12-31T23:59:58.400000Z"}
+{"t":"1969-12-31T23:58:21.000000Z"}
diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro
index fa2a6f1efd..8cb1210a68 100644
--- a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro
@@ -27,5 +27,30 @@ event bro_init()
 		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1986-12-01T01:01:01Z") + 0.90 secs)
 		]);
 
+	Log::write(SSH::LOG, [
+		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 0.4 secs)
+		]);
+	Log::write(SSH::LOG, [
+		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 0.5 secs)
+		]);
+	Log::write(SSH::LOG, [
+		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 0.6 secs)
+		]);
+	Log::write(SSH::LOG, [
+		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.0 secs)
+		]);
+	Log::write(SSH::LOG, [
+		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.4 secs)
+		]);
+	Log::write(SSH::LOG, [
+		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.5 secs)
+		]);
+	Log::write(SSH::LOG, [
+		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.6 secs)
+		]);
+	Log::write(SSH::LOG, [
+		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 99 secs)
+		]);
+
 }