Hello.

Does anyone know how i can track down who has deleted a file in a file system?

Not possible unless you have a trace on literally every command made by every session in the system and even then I'd bet a truly determined person could sidestep that. You may be able to view command history of the various users and catch something. This also depends highly on the integrity of the user accounts. Someone could've logged in not as their self, they could have used an unattended terminal, they could've changed to root. Better instead to look for ways to not have critical files deleted in the future. If there is collaborative work; such as development, then best to use a revision control system to maintain historical changes to the file by various users.

try to log user command, if you are root

In Ubuntu (or Debian-based), I have not try in CentOS

vim /etc/bash.bashrc
• add to end file: export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
• sudo apt-get install sysklogd ( if not installed )
• Set the syslogger to trap local6 to a log file by adding this line in the /etc/syslog.conf file:
local6.* /var/log/cmdlog.log
• touch /var/log/cmdlog.log by root
• /etc/init.d/sysklogd restart
• tail -f /var/log/cmdlog.log