Search for a package named "acct" or "audit" for your distribution. It may be partially preconfigured. The process involves using the kernel to report when a file is modified. System level calls are reported. An auditing process is run in the background as well. You configure the system for what you are interested and can use tools such as aureport to provide information.
This page is a little dated, but may give you an idea how auditing works. http://www.novell.com/documentation/..._aureport.html
I didn't catch where you configure it to send audit messages to a logging server, but did see there is an entry for which port to use to receive reports, so I assume, I just missed it.
You can also configure syslog-ng to log /var/log/messages, and other text logs to a central logging server. This will help prevent an intruder from hiding his tracks.
Just as important is maintaining regular backups. Most deletions or modifications you will deal with will be accidental and not something malicious.