1

/var/log/ belongs to the root user:

$ ls -ld /var/log
drwxr-xr-x. 13 root root 4096 Mar 31 19:23 /var/log

As you can see, others do not have the write privilege and there's no sticky bit (as for the /tmp/ folder).

But if I look into this folder the mysql user is able to write a file into it:

$ ls -l /var/log |grep mysql
drwxr-x---  2 mysql  mysql     4096 Mar 30 16:03 mysql

How is the mysql user able to create files in this directory? What am I missing here?

1 Answer

4

d in drwxr-x--- indicates the mysql file is of the type directory. The directory was most likely created by root, and its ownership and permissions were then adjusted. This was a one-time job during the installation of MySQL or whatever.

Additionally, the . in drwxr-xr-x. for /var/log indicates there's an SELinux security context. I know little about SELinux but I believe one can grant additional permissions with it. If you think the mysql directory was created not exactly by root then investigate this lead.

The mysql user can create files inside the mysql directory. For this the lack of write permission in /var/log is irrelevant.

You may be more familiar with this fact:
In Linux, regular users cannot create files directly in /home. Yet each one has got their own directory inside /home where they can create files (/home/yves, /home/kamil, /home/bob).

Similarly, mysql has got a directory inside /var/log to create log files there.