More on Janino below, here's the proposal:

Have a variant of <if>, namely <if property="property name">.
If the property does not exist or is false, use the <else> part, otherwise, use the <then> part.

Problems with Janino:

1) Bloat. A footprint of 1 megabyte is amazingly small for an almost full Java compiler, but it still more than doubles the footprint for logging.

2) Reliability. If the logging configuration is user editable, they might add a Java expression that calls arbitrary internal APIs.
I am aware that http://logback.qos.ch/manual/configuration.html#conditional claims that the generated code is sandboxed ("only context properties or system properties are accessible"). However, sandboxes require full security audits. Janino would require a security audit. I doubt that there are enough developer resources for this task available; the task could be reduced for Logback by keeping the available API narrow (just a bunch of properties is extremely tight), but I doubt that that is possible for Janino.
Worse, those audits would need to be repeated for every new revision.

3) Security. Expressions that make it outside the sandbox could do any amount of nasty things. Intentionally or not (I can imagine scenarios for both).

These problems do not exist for programmer-defined properties. Only PropertyDefiner descendants can be called from the configuration, and these are statically checkable in source. There is no need to worry about expressions that might try to call arbitrary internal APIs.
(If I wanted to live with that kind of risk I'd be programming in Lisp, dammit!)