The only native option IBM gives you is to open opsnav TCPIP servers and pull up server jobs, but this is pretty much useless. The way I do it is with a NetIQ exit program. PowerTech I think has the same capablity and of course you could write your own. These packages allow you to limit incoming FTP to desired users or addresses and monitor them or just monitor for exceptions. Unfortunately this only covers incoming FTP. For outgoing FTP you would have to change the jobd for FTP server jobs, QTMFTPS to 0-4-*seclvl log cl commands *yes and manipulate the spooled files to a PF then use an RPG or SQL script to pull out a report.
BTW, if you are PCI audited and don’t have one of these security packages get ready to bite the bullet soon. PCI is going to get tougher every round for several years to come. We almost have all telnet on the iSeries, three systems and eight LPARs, requiring SSL to connect, and FTP won’t be far behing.