There are multiple, independent entities both maintaining and submitting to the logs. The short answer: CAs submit precertificates to the logs; the logs respond with signed certificate timestamps that are embedded within the ultimate certificate rendered to the user. User agents (i.e., browsers) cross-check against the logs using the SCTs. Third parties ("monitors") additionally watch the logs for suspicious events (unexpected issuances, unusual certificates being signed for, etc.)
