diff --git a/doc/userguide/output/syslog-alerting-comp.rst b/doc/userguide/output/syslog-alerting-comp.rst index e3db0b524a..c9cd8b4d77 100644 --- a/doc/userguide/output/syslog-alerting-comp.rst +++ b/doc/userguide/output/syslog-alerting-comp.rst @@ -5,6 +5,10 @@ Suricata can alert via syslog which is a very handy feature for central log coll However, there are different syslog daemons and there can be parsing issues with the syslog format a SIEM expects and what syslog format Suricata sends. The syslog format from Suricata is dependent on the syslog daemon running on the Suricata sensor but often the format it sends is not the format the SIEM expects and cannot parse it properly. +.. attention:: The syslog output is deprecated in Suricata 8.0 and + will be removed in Suricata 9.0. Please migrate to the + ``eve`` output which has the ability to send to syslog. + Popular syslog daemons ---------------------- diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index 1dded4eba0..97758c8f7e 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -227,7 +227,7 @@ Deprecations - The ``tls-log`` output is now deprecated and will be removed in Suricata 9.0. - The ``syslog`` output is now deprecated and will be removed in Suricata 9.0. Note that this is the standalone ``syslog`` output and - does affect the ``eve`` outputs ability to send to syslog. + does **not** affect the ``eve`` outputs ability to send to syslog. - The ``default`` option in ``app-layer.protocols.tls.encryption-handling`` is now deprecated and will be removed in Suricata 9.0. The ``track-only`` option should be used instead.
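Review bot: In the attention block added to syslog-alerting-comp.rst, "The syslog output is deprecated" does not say which syslog output is meant, and the same note then recommends the ``eve`` output for sending to syslog, so a reader can take it as all syslog delivery going away. The upgrade.rst entry in this same patch calls it the standalone ``syslog`` output; I'd use that wording here too: "The standalone ``syslog`` output is deprecated in Suricata 8.0 and will be removed in Suricata 9.0." The "Please migrate to the ``eve`` output" sentence would also benefit from a cross-reference to the eve output documentation, since this page is about matching the syslog format a SIEM expects and the note gives no pointer to how eve is sent to syslog.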
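Review bot: In the upgrade.rst hunk, the corrected line still reads "the ``eve`` outputs ability", which is missing the possessive apostrophe. Since the line is being changed anyway, I'd make it "does **not** affect the ``eve`` output's ability to send to syslog." The added negation itself is consistent with the attention note in syslog-alerting-comp.rst, which tells users to migrate to ``eve`` for syslog delivery.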