One of the interesting things about Transparent Data Encryption is that it tries to ensure that your data, whenever it is written to disk, is protected. That means that in addition to your data files (mdf, ndf), the log file is also encrypted.
Does this mean you need to enable TDE when you create a database?
You can, but it's not required. If you do this later, how does TDE impact your log?
The rough overview is that the system starts to encrypt the log, and tempdb, from that point onward. Any data that gets written after that time is encrypted, however existing data in the log is not encrypted.
It's not likely that you'll be storing information in a log that you need to worry about and then later implementing encryption, but you ought to be aware of this fact, especially if you are encrypting for some regulatory reason. The safe thing is to run a log backup after you've enabled encryption to be sure that everything is completely encrypted.
