Hmm well current logins can be seen using w or who, but I'm not sure about the transfers..well there are tools of course to see open files and so on, but is it really ethical to spy on what they're transferring? I mean, if you're an admin, it doesn't necessarily belong to you what the users transfer. ISPs work so they've said what you can do and cannont, and if they happen to get a clue you're doing something wrong, they do something about it, but they still have no right to spy on what you are exactly doing. In here one big company tried that and got busted.
Also, punishment is always a per-case thing, so you shouldn't automate that, but personally see what has been violated and act accordingly. And since you're running a server, you already know how to add and remove, lock and unlock user accounts..or if you don't, I suggest you don't try to run a server of any kind yet.
How-tos can be found using Google, easily. Even good how-tos can be found there. I doubt if you have even tried to search, if you're asking that here..