Expanded support for modifying the timestamp format in the JSON formatter.

scripts/base/frameworks/logging/writers/ascii.bro

@@ -25,10 +25,8 @@ export {
 	const use_json = F &redef;
 
 	## By default, the JSON formatter will use double values for timestamps
-	## which represent the number of seconds from the UNIX epoch.  By setting
-	## this to 'T', it will use the 8601 format.  This is also available as 
-	## a per-filter $config option.
-	const json_iso_timestamps = F &redef;
+	## which represent the number of seconds from the UNIX epoch.
+	const json_timestamps: JSON::TimestampFormat = JSON::TS_EPOCH &redef;
 
 	## If true, include lines with log meta information such as column names
 	## with types, the values of ASCII logging options that are in use, and

scripts/base/init-bare.bro

@@ -3057,6 +3057,24 @@ const record_all_packets = F &redef;
 ## .. bro:see:: conn_stats
 const ignore_keep_alive_rexmit = F &redef;
 
+module JSON;
+export {
+	type TimestampFormat: enum {
+		## Timestamps will be formatted as UNIX epoch doubles.  This is
+		## the format that Bro typically writes out timestamps.
+		TS_EPOCH,
+		## Timestamps will be formatted as unsigned integers that 
+		## represent the number of milliseconds since the UNIX
+		## epoch.
+		TS_MILLIS,
+		## Timestamps will be formatted in the ISO8601 DateTime format.
+		## Subseconds are also included which isn't actually part of the
+		## standard but most things that parse ISO8601 seem to be able
+		## to cope with that.
+		TS_ISO8601,
+	};
+}
+
 module Tunnel;
 export {
 	## The maximum depth of a tunnel to decapsulate until giving up.