Currently, MediaWiki logs to fluorine (via udp2log), Logstash and Kafka. None of these are currently encrypted in any way.
As a) we would like to log to loghosts across the datacenter boundary and b) logging sometimes includes sensitive information including PII, we should explore ways to encrypt these logging flows.