This event occurs when the DHCP server cleans up the address lease database. It will try to free up addresses that are beyond the lease expiration time (e.g. 48 hours) and return them to a state where they can be used by other computers on the network, or the same computer should it try to login and the address hasn't been taken. The Event Viewer will then log the 2 messages 1037 and 1038
You can disable Audit logging on the DHCP server but this will NOT prevent the messages appearing in the Event Viewer. I have not seen anywhere a way to stop this.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.