xferlog_enable=YES vsftpd_log_file=/var/log/vsftpd.log
To further secure your FTP server:
vsftpd is widely used on Unix-like systems, particularly as the default FTP server for many Linux distributions. On July 3, 2011, a user reported that vsftpd 2.0.8 opened a listening port on 6200/tcp when a specific username was supplied. Within hours, the vsftpd maintainer (Chris Evans) confirmed that the official download had been backdoored. The compromised version was available for download for approximately one week before being replaced. vsftpd 208 exploit github fix
If you must examine exploit code for research: xferlog_enable=YES vsftpd_log_file=/var/log/vsftpd