We are using logstash to parse sensitive data from our logs and as a result we need the original logfile (that contains the sensitive data) to not retain any content.
I have tried using a mkfifo and have logstash watch the named pipe file and have apache log to it. This does not work as logstash does not hold the pipe file open, as a result apache fails to start as it cannot log to the file if its not being held open.
I also considered using a syslog input but we have multiple configs for multiple vhosts and as result using a single facility could get complex.
Ideally we want this configuration
Apache -> logstash -> output.log
Can anyone recommend a configuration or logstash input that would allow us to not retain the original unprocessed log data.