Ok, the difference is that we use java security turned on, on prod tomcat.

We have to use this in conf/catalina.policy

grant codeBase "file:${catalina.base}/webapps/MYAPP/WEB-INF/lib/MYLOGBACKJAR" {
    permission java.io.FilePermission "${catalina.base}/logs/*", "read,write,delete";
};