diff --git a/lib/logstash/codecs/leef.rb b/lib/logstash/codecs/leef.rb
index 0a3f726..c297c16 100644
--- a/lib/logstash/codecs/leef.rb
+++ b/lib/logstash/codecs/leef.rb
@@ -1,6 +1,8 @@
 # encoding: utf-8
 require "logstash/codecs/base"
 require "json"
+require "socket"
+require "time"
 # Implementation of a Logstash codec for the qRADAR Log Event Extended Format (LEEF)
 # Based on Version 1.0 of Implementing QRadar LEEF.
@@ -9,6 +11,9 @@ class LogStash::Codecs::LEEF < LogStash::Codecs::Base
 config_name "leef"
+ # Field to enable the default syslog header, which uses the default `%{host}` field for hostname and the timestamp is generated by the codec parsing time. If no value is set the hostname is set to the `hostname` value where logstash is running.
+ config :syslogheader, :validate => :boolean, :default => true
+
 # Device vendor field in LEEF header. The new value can include `%{foo}` strings
 # to help you build a new value from other parts of the event.
 config :vendor, :validate => :string, :default => "Elastic"
@@ -115,7 +120,15 @@ def decode(data)
 public
 def encode(event)
 # "LEEF:1.0|Elastic|Logstash|2.3.3|EventID|"
-
+ if self.class.get_config["syslogheader"][:default] == true
+ time = Time.new
+ syslogtime = time.strftime("%b %d %H:%M:%S")
+ sysloghost = sanitize_header_field(event.sprintf(@host))
+ if sysloghost == ""
+ sysloghost = Socket.gethostname
+ end
+ end
 vendor = sanitize_header_field(event.sprintf(@vendor))
 vendor = self.class.get_config["vendor"][:default] if vendor == ""
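Review bot: `require "time"` in the first hunk is not needed by anything this commit adds — `Time.new` and `Time#strftime` are core Ruby, and the `time` library only contributes parsing helpers such as `Time.parse` and `Time#iso8601`; `require "socket"` is the one the new `Socket.gethostname` call actually depends on. Either drop the unused require or annotate it, e.g. `require "time" # reserved for Time.parse in decode`, so a later cleanup does not guess at its purpose.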
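Review bot: Declaring `config :syslogheader` with `:default => true` changes the wire format of every existing `leef` pipeline on upgrade — output that used to begin with `LEEF:1.0|` will now carry a `Mmm dd HH:MM:SS host ` prefix, which breaks any downstream parser that did not expect it; `:default => false` keeps the new header opt-in and is what a practitioner upgrading a SIEM feed would want. The option comment is also a single very long line and should be wrapped to the width used by the `:vendor` comment below it. It should state the contract plainly, roughly: prefix each line with a BSD-syslog header built from the encode-time local clock and the event's host field (whatever the `host` setting resolves to — that setting is not visible in this hunk), falling back to this machine's hostname when the field is empty.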
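Review bot: The guard `if self.class.get_config["syslogheader"][:default] == true` in `encode` reads the option's declared default, not the value the user configured, so `syslogheader => false` in a pipeline is ignored here and the header is always computed; it should be `if @syslogheader`, which is also what the branch later in `encode` tests — otherwise the two checks can disagree and `syslogtime`/`sysloghost` may be referenced before assignment. The syslog header is space-delimited, so `sanitize_header_field` must strip spaces as well as `|`, `\r` and `\n` from `sysloghost` (its implementation is outside this hunk — confirm), or an event-controlled `%{host}` value shifts every field the receiver parses after it. `Time.new.strftime("%b %d %H:%M:%S")` also emits a zero-padded day in local time with no zone, whereas RFC 3164 uses a space-padded day (`%e`) and the receiver will assume its own zone; check that the QRadar collector tolerates both before relying on it. `Socket.gethostname` is a syscall per event and could be resolved once at `register` time, but that is a minor point. `encode` continues past the end of this hunk.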
@@ -139,10 +152,21 @@ def encode(event)
 # end
 # Should also probably set the fields sent
- header = ["LEEF:1.0", vendor, product, version, eventid].join("|")
- values = @fields.map {|fieldname| get_value(fieldname, event)}.compact.join(" ")
+
+ if @syslogheader == true
+ sheader = [syslogtime, sysloghost].join(" ")
+ header = ["LEEF:1.0", vendor, product, version, eventid].join("|")
+ values = @fields.map {|fieldname| get_value(fieldname, event)}.compact.join(" ")
+
+ @on_event.call(event, "#{sheader} #{header}|#{values}\n")
+
+ else
- @on_event.call(event, "#{header}|#{values}\n")
+ header = ["LEEF:1.0", vendor, product, version, eventid].join("|")
+ values = @fields.map {|fieldname| get_value(fieldname, event)}.compact.join(" ")
+
+ @on_event.call(event, "#{header}|#{values}\n")
+ end
 end
 private
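Review bot: Both branches of the new `if @syslogheader == true` rebuild `header` and `values` with identical code and differ only in the prefix passed to `@on_event.call`, so the duplication can be removed by building the line once and prepending the syslog header conditionally; `== true` is also unidiomatic for a boolean option and should be a plain `if @syslogheader`. Note that `syslogtime` and `sysloghost` are assigned earlier in `encode` under a different condition (outside this hunk), so whichever test is kept must be the same in both places or the prefix interpolation can hit an unassigned local. `encode` starts before this hunk.
```ruby
# … unchanged: vendor/product/version/eventid sanitisation above …
header = ["LEEF:1.0", vendor, product, version, eventid].join("|")
values = @fields.map {|fieldname| get_value(fieldname, event)}.compact.join(" ")
line = "#{header}|#{values}\n"
# Prepend the BSD-syslog header only when the option is enabled.
line = "#{syslogtime} #{sysloghost} #{line}" if @syslogheader
@on_event.call(event, line)
```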