So, if I understood correctly, then it is necessary to encrypt not the current logs (which is a little nonsense!), But only when archiving (rotation)? So you just need to add the encryption command to the logrotate configuration (or whatever is responsible for log rotation).

You can take a suitable encryption FS (for example www.truecrypt.org ), mount it to the right place and write logs directly to it (or copy it after rotation).

Maybe it will be useful for someone, I dashed off a draft version of the script. I will be glad for comments and corrections.

#!/bin/bash
#Encrytion Script for Log Files
#Copytight Denis P. 2014

set -x

while true; do
#rm FILE_LIST1 # Rotation of file list changes
#Lets find files that we should to encrypt . Files after rotation proccess
find /var/log/ -type f ! -name '*.ss' -printf "%f\n" | grep  "^[a-zA-Z]*\.[0-9]" | grep -v gz >| FILE_LIST # Grep files into log direcotory matching patter file.0 etc.
find /var/log/ -type f ! -name '*.ss' -printf "%f\n" | grep  .gz >> FILE_LIST # matching .gz ext.
find /var/log/ -type f ! -name '*.ss' -printf "%f\n" | grep  [0-9]$ >> FILE_LIST #grep file with file.1 || file1 pattern
        for FILE_NAME in $(cat FILE_LIST) # run on all founded files
                do
                find /var/log/ -type f ! -name '*.ss' | grep $FILE_NAME >| FULL_PATH_FILE_LIST # get full path to the file founded
                        for  FULL_PATH_FILE_NAME in $(cat FULL_PATH_FILE_LIST)
                                do
                                openssl des3 -salt -in $FULL_PATH_FILE_NAME -out $FULL_PATH_FILE_NAME.ss -pass file:/root/secret # encryption operation
                                rm $FULL_PATH_FILE_NAME
                                done
                done
rm FILE_LIST
sleep 5
done