
OWASP ESAPI and SLF4J/Logback setup


I currently have a program that uses SLF4J/LoggerFactory for capturing logs and the configuration is done through logback.xml. My logs were working as expected. I was recently instructed by the Security team at my job to update a class which uses ESAPI. I updated the class and added ESAPI.properties and validation.properties to src/main/resources/esapi. In ESAPI.properties, I updated ESAPI.Logger to ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory. Based on my research online and through SO, I assumed I would be able to use my logs (which are initialized as protected final static Logger log = LoggerFactory.getLogger(this.class); and used as log.info("Example")) as normal (outputs the logs to a file on a server), but the logs just output to the CL when the Java program is run.


Solution

  • I resolved my issue after reading the README.md for the current release which references the 2.2.3.0 release notes if you are using the slf4j libraries. I needed to exclude the slf4j-simple which is pulled in because it is a dependency of AntiSamy 1.6.2.
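
The exclusion described in the answer, written out as an added example (not part of the original post). It assumes a Maven build; ESAPI_VERSION and LOGBACK_VERSION are placeholders for the releases you actually use.

```xml
<!-- Added example: assumed Maven pom.xml fragment; version values are placeholders. -->
<dependency>
  <groupId>org.owasp.esapi</groupId>
  <artifactId>esapi</artifactId>
  <version>ESAPI_VERSION</version>
  <exclusions>
    <!-- slf4j-simple arrives transitively (via AntiSamy, per the answer) and
         competes with logback-classic as the SLF4J binding. It writes to the
         console, so logback.xml is ignored whenever it is the binding chosen. -->
    <exclusion>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-simple</artifactId>
    </exclusion>
  </exclusions>
</dependency>

<!-- Keep exactly one SLF4J binding: the Logback one the application already uses. -->
<dependency>
  <groupId>ch.qos.logback</groupId>
  <artifactId>logback-classic</artifactId>
  <version>LOGBACK_VERSION</version>
</dependency>
```

After the change, `mvn dependency:tree -Dincludes=org.slf4j` should no longer list slf4j-simple, and the file appenders from logback.xml should receive both the application's and ESAPI's log events.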