In its most basic form, configuration is expressed as a list of key-value pairs, or — in some files — keyword-value pairs:

Allowed values depend on the specific key, but broadly has the following types:

A (non-scoped) value or the “simple value” of a scoped value can optionally be enclosed in double quotes. The entire value must be quoted, and anything other than a comment or whitespace after the closing double quote is considered an error. This can — for example — be used if the value contains a ‘#’ (e.g. Key = "some#value"), or braces (‘{’/‘}’). Unquoted, the ‘#’ is interpreted as the start of a comment, and the braces as the start or end of a scoped value.

For braces, it’s also possible to escape them by doubling them ({{/}}); doubled braces are always undoubled, even if the value is enclosed in double quotes.

Some configuration files use scopes. Scopes are key-value pairs or keyword-value pairs enclosed in braces (‘{’ and ‘}’). Their exact usage and syntax depend on the specific configuration file.

In general, the syntax is:

We call the part after the = (equals) a scoped value^[1].

Some configuration files allow a scoped value without a simple value; this — for example — establishes a default configuration. In that case, both the equals (‘=’) and the simple value are absent.

For example, databases.conf has key-value pairs, where the value is either a string (simple value), or a scoped value (string value + scope):

In this example, security.db is the key, and the string $(dir_secDb)/security4.fdb and the key-value pairs between braces are the value of security.db. The configuration options RemoteAccess and DefaultDbCachePages are applied specifically to the security database (alias security.db).

As another example, trace configuration, plugins.conf and replication.conf have keyword-value pairs, where the value is (always) a scoped value

Here database = /your/db.fdb identifies this as replication configuration specific to the database /your/db.fdb, with the actual configuration listed within the braces.

A ‘#’ starts a comment, until the end of that line. Comments are ignored by the configuration parser.

Comments are used in the default configuration files for documentation, and to show default values without explicitly configuring those values.

For your own use, you can use comments to temporarily disable a configuration item or revert to the default. You can also use comments to record why a specific configuration value was chosen (e.g. by specifying a rationale, or a link to an external document, etc.).

If you need to specify a value that contains the ‘#’ symbol, enclose the value in double quotes (e.g. Key = "some#value").

Firebird provides a number of predefined macros which can be used in configuration values to substitute directory locations.

The syntax to use these macros is $(macro-name) (e.g. $(dir_plugins)).

It is not possible to define your own custom macros.

The macro names are case-insensitive.

For replication, additional macros are available for specific configuration items; these are covered in replication.conf.

The include statement allows you to include the content of another file when the configuration file is read.

Where path-expression is a string identifying the file or files to include. The path-expression supports:

Configures the database paths — other than aliases — the server accepts for opening databases.

Global

Full (see Security recommendation!)

ExternalFileAccess, ISC_PATH

Enables remote access of databases.

Global, and per-database

true

The Boolean option RemoteAccess controls if databases can be opened remotely — via TCP/IP, or WNET^[4], or only locally using embedded or — on Windows — XNET.

Any TCP/IP or WNET connection is considered remote, including connections created from the same machine (localhost).

Configures paths allowed for external table files.

Global, and per-database

None

This setting does not prevent creation of an external table with a disallowed path, but attempts to query the external table or insert into the external table will fail if the path is not allowed.

Attempts to access (select or insert) an external table file not allowed by the configuration will produce error “Use of external file at location <filename> is not allowed by server configuration” (error code 335544831 or isc_conf_access_denied).

For more information on external tables, see section External Tables in the Firebird 5.0 Language Reference.

DatabaseAccess, UdfAccess

Configures paths allowed for loading UDF — User-Defined Function — libraries.

Global

None

UDFs and — by extension — UdfAccess are deprecated. The recommended replacements are built-in functions, PSQL functions (introduced in Firebird 3.0), or UDR functions (User-Defined Routine, introduced in Firebird 3.0).

ExternalFileAccess

Directories used by the Firebird engine for temporary files.

Global

Value of environment variable FIREBIRD_TMP (or its fallback).

The <path-list> is a semicolon-separated list of directories. It is possible to use absolute paths (e.g. Windows — C:\Database, Linux — /db), and relative paths. Relative paths are resolved against the root directory of Firebird. Given relative paths are not always obvious, it is recommended to use absolute paths.

Firebird will use the first directory listed until it runs out of disk space, then switch to the next directory in the list, and so on.

This setting does not affect the location of lock files.

TempTableDirectory, FIREBIRD_TMP

Directory used for temporary tables and temporary blobs.

Global, and per-database

Value of environment variable FIREBIRD_TMP (or its fallback).

Contrary to TempDirectories, this setting only accepts a single directory. If the configured directory does not exist or is not accessible, Firebird will use the directory specified in FIREBIRD_TMP or its fallback.

TempDirectories, FIREBIRD_TMP

Trace configuration file for system audit.

Global

No value

The AuditTraceConfigFile sets the configuration file for system-wide auditing using the trace facility. System audit is only enabled if this configuration item is set to a valid trace configuration file.

It is possible to use absolute paths (e.g. Windows — C:\Firebird\fbtrace.conf, Linux — /fb/fbtrace.conf), and relative paths. Relative paths are resolved against the root directory of Firebird.

Trace configuration

Maximum size in MiB of user trace session log files.

Global

Megabyte (MiB)

10 (10 MiB)

When the log file of a user trace session reaches the configured size, the trace session is suspended until the trace data is read through the trace service API (which clears/deletes the outstanding log file).

Default number of cached database pages

Global, and per-database

Database page

Firebird uses the page cache to store recently used database pages in memory. For SuperServer, the page cache is per database, and it’s shared by all connections to that database; for SuperClassic and Classic, the cache is per connection.

On SuperServer, the cache for each database will use (page count) * (page size).
On (Super)Classic, the cache will use (page count) * (page size) * (connection count).

This setting only takes effect if the database has not been configured with an explicit number of page buffers using gfix -buffers. A backup with gbak will record the current configuration in the backup file — even if it is derived from DefaultDbCachePages and not explicitly set. After a restore, the database will have this value explicitly configured in its database header, unless overridden with -⁠BUFFERS.

On (Super)Classic the cache can also be overridden for a specific connection using the isc_dpb_num_buffers connection property.

Maximum database growth increment in bytes.

Global, and per-database

Byte

128M (128 MiB)

When a database has to allocate a database page, and there are no free pages, Firebird will allocate space with the following constraints:

Preallocation reduces physical file fragmentation, and may improve performance.

If DatabaseGrowthIncrement is set to zero (0), preallocation is disabled, and Firebird will then allocate space per page.

Database shadow files are not preallocated.

Configures if Firebird uses the filesystem cache for database files.

Global, and per-database

true

This setting is ignored if it is not explicitly set, and FileSystemCacheThreshold has been explicitly set.

Enables filesystem caching of a database if its page cache size is less than the configured value.

Global, and per-database

Database page

64K (see also note below)

If set explicitly and UseFileSystemCache is not set explicitly, the filesystem cache is used if the page cache size configured in the database header — or if not set in the database header, the value of DefaultDbCachePages — is less than FileSystemCacheThreshold.

The maximum percentage of RAM used for the filesystem cache on 64-bit Windows.

Global

Percent

0, 10 - 95

0

If 0, Firebird will use the current filesystem cache settings and will not attempt to change the setting.

Values in the range of 10 to 95 specify the maximum percentage of RAM the host will use for the filesystem cache. Values outside this range — other than 0 — will apply a default value of 30.

Configures if Firebird allows opening of database files on mounted network volumes.

Global

0 (false)

By default, Firebird only opens database files on local disks. When RemoteFileOpenAbility is enabled, Firebird can also open databases from mounted NFS volumes (Linux) or SMB/CIFS volumes (Windows)

Allocation block size for temporary storage.

Global

Byte

1M (1 MiB)

Temporary storage is allocated in increments of TempBlockSize.

Maximum amount of temporary space that is cached in memory.

Global, and per-database

Byte

For Classic, the default is lower because the memory is allocated per server process, and this means the memory requirement grows with each connection.

Maximum identifier length in bytes.

Global, and per-database

Byte

1 - 252

252

Since Firebird 4.0, identifiers can be a maximum 252 bytes, or 63 characters UTF8. Set to 31 to use the same limit as in Firebird 3.0 and earlier.

This setting combined with MaxIdentifierCharLength determines the actual maximum length. For example, if MaxIdentifierCharLength setting is 31, and MaxIdentifierCharLength is not set, or set to 124 or higher, then an identifier can have maximum 31 characters of any UTF8 character. On the other hand, if MaxIdentifierCharLength is set to 31, and MaxIdentifierCharLength is also set to 31, then you can have 31 characters from the ASCII range, but using characters that require 2, 3, or 4 bytes to be encoded will reduce the actual maximum length in characters (to a minimum of 7 if all characters are 4 bytes in UTF8).

MaxIdentifierCharLength

Maximum identifier length in characters.

Global, and per-database

Character

1 - 63

63

Since Firebird 4.0, identifiers can be a maximum 252 bytes, or 63 characters UTF8. Set to 31 to use the same limit as in Firebird 3.0 and earlier.

This setting combined with MaxIdentifierByteLength determines the actual maximum length. For example, if MaxIdentifierCharLength setting is 31, and MaxIdentifierCharLength is not set, or set to 124 or higher, then an identifier can have maximum 31 characters of any UTF8 character. On the other hand, if MaxIdentifierCharLength is set to 31, and MaxIdentifierCharLength is also set to 31, then you can have 31 characters from the ASCII range, but using characters that require 2, 3, or 4 bytes to be encoded will reduce the actual maximum length in characters (to a minimum of 7 if all characters of an identifier are 4 bytes in UTF8).

MaxIdentifierByteLength

Maximum sort record size that can be stored inline in the sort block.

Global, and per-database

Byte

1000

This controls if non-key fields are stored inside the sort block, or to refetch them from the data pages after sorting. If the sort record size with non-key fields exceeds the configured maximum, only the key fields are stored in the sort block.

A value of 0 (zero) disables storing non-key fields and always refetches non-key fields.

This setting is a balance between the cost of refetching data, and the cost of sorting when including non-key data. If a sort block is very large (e.g. due to a lot of rows and/or large sort record size), the sort will be performed on disk. The I/O cost of sorting including non-key fields may be larger than the I/O cost of refetching data.

Enables first row optimization strategy.

Global, and per-database

false (optimize for all rows)

Defines whether queries should be optimized to return the first row(s) as soon as possible rather than returning the whole dataset as soon as possible. By default, Firebird optimize for retrieval of all rows.

This can be overridden at the session level using the SET OPTIMIZE statement, or at the statement level by using the OPTIMIZE FOR clause.

Enables optimizer conversion of outer joins to inner joins.

Global, and per-database

true (enabled)

Defines whether the optimizer attempts to convert outer joins into inner joins, provided that such a transformation is possible from the query result perspective. This can be done if — for example — a LEFT OUTER JOIN is used, but the “missing” rows of the right table are filtered out in the WHERE by a condition that excludes NULL for a column of that table.

Enabled by default. Disable to simplify the migration path if outer joins are used intentionally in SQL queries (e.g. as optimizer hints) even if they are known to be semantically equivalent to inner joins.

Enables experimental optimizer conversion of subqueries in EXISTS and IN to semi-joins.

Global, and per-database

false (disabled)

Defines whether the optimizer attempts to merge subqueries in EXISTS and IN with the outer query by converting them to semi-joins, provided that such a transformation is possible from the query result perspective.

Authentication plugins accepted by Firebird server.

Global, and per-database

Srp256

Authentication plugins have a server-side part and client-side part. The authentication plugins implement how a user is authenticated. Some authentication plugins also generate the encryption key for wire encryption. Generally, users are managed by a user manager that is specific to a plugin or family of plugins.

The authentication plugins the client tries are specified by the AuthClient setting.

A default Firebird installation supports the following authentication plugins:

From these plugins, only Legacy_Auth does not generate an encryption key for wire encryption. Additional third-party plugins may be available.

AuthClient, UserManager

Authentication plugins tried by Firebird fbclient.

Global, per-database, client-side, and per-connection

Srp256, Srp, Legacy_Auth (non-Windows)
Srp256, Srp, Win_Sspi, Legacy_Auth (Windows)

The authentication plugins determine how a user authenticates. Some authentication plugins also generate the encryption key for wire encryption.

For a list of plugins supported by a default Firebird installation, see Standard authentication plugins included in Firebird.

When configured server-side (in firebird.conf or databases.conf), this setting controls which plugins are tried when the server creates a connection to another database (e.g. using EXECUTE STATEMENT …​ ON EXTERNAL).

When configured client-side — in firebird.conf read by the client, or using isc_dpb_config (key/value) or isc_dpb_auth_plugin_list (value only) — it controls which plugins are tried for connecting.

The server and client must agree on the plugins used. The list of plugins accepted by the server is configured through AuthServer. However, the client will always try the first plugin listed, even if not supported by the server. Subsequent plugins will only be tried if they are also listed in the AuthServer setting of the server.

AuthServer

Enabled user manager plugins.

Global, and per-database

Srp

User manager plugins manage users, generally in the security database. The user manager plugins are also used to populate the SEC$USERS and SEC$USER_ATTRIBUTES virtual tables.

The first plugin listed is the default user manager. The default user manager is used if the USING PLUGIN clause is absent from user management statements. The default user manager is also used by gsec and the user management service API^[5].

Setting UserManager explicitly to an empty value (blank) will disallow management of users.

A default Firebird installation supports the following user manager plugins:

The per-database configuration in databases.conf enables which user manager plugins are allowed  — and which is the default — when connecting to that specific database. When configured on a security database, it only manages which user manager plugins are allowed when connecting directly to that security database; it does not configure which user manager plugins may store data in that security database.

AuthServer

Default profiler plugin

Global, and per-database

Default_Profiler

Specifies the default profiler plugin used by the RDB$PROFILER package, if no explicit plugin name is specified (parameter PLUGIN_NAME of START_SESSION).

The trace plugin used by the Firebird trace facility.

Global

fbtrace

The Firebird trace facility can be used to audit or record statements executed on the server. The trace plugin is responsible for writing the data to a log file in a specific format.

Firebird includes a default trace plugin called fbtrace. There are third-party plugins available which provide different output formats.

Wire crypt plugins tried by the client and/or accepted by the server.

Global, per-database, client-side, and per-connection

ChaCha64, ChaCha, Arc4

Wire crypt plugins allow for encryption of the database connection after authentication. The default plugins included in Firebird use a session-key generated by the authentication plugin^[6] to encrypt the connection.

A default Firebird installation supports the following wire encryption plugins:

This configuration property serves multiple purposes:

The intersection of server-side and client-side wire encryption plugins decides which plugins are tried. The server-side order of plugins decides in which order they are tried.

Database encryption keyholder plugin

Global, and per-database

No value

A keyholder serves as a temporary storage for database encryption keys. Generally, this plugin will be provided by the third-party database encryption plugin.

Firebird does not include a default plugin. The Linux distribution includes an example in libCryptKeyHolder_example.so, but this library is intended as an example only, and is not for production use.

Enables use of an encrypted security database.

Global, and per-database

false

With the default setting, it is not possible to authenticate against an encrypted security database.

Depending on the database encryption plugin used and its configuration, the client may hold the encryption key and needs to send it to the server to be able to access the database. With the default configuration, this key exchange will only happen after authentication completed successfully and — if enabled — wire encryption was set up (which depends on the session key of authentication).

However, if the security database is encrypted, this key exchange must occur before authentication. As this needs to happen before wire encryption is established, and could lead to key exposure^[7], this must be explicitly enabled.

In general, the security database — assuming use of SRP and long/quality passwords — is pretty good at protecting itself and doesn’t need to be encrypted. One use case of an encrypted security database is if a database is its own security database and needs to be encrypted for other reasons.

Authenticating against an encrypted security database is not supported by the Legacy_Auth authentication plugin.

Connection providers used to connect to a database.

Global, per-database, client-side, and per-connection

Remote,EngineNN,Loopback (with NN the major ODS of the Firebird version)

Providers are plugins used to connect to a database.

A default Firebird installation supports the following provider plugins:

Additional providers may be added. For example, copying the Engine12.dll/libEngine12.so from Firebird 3.0 to the plugins directory of Firebird 4.0 or 5.0 and including Engine12 in Providers adds support for opening Firebird 3.0 (ODS 12) databases.

This configuration property serves multiple purposes:

Timeout for detecting and purging locks held by dead processes in case of a lock conflict.

Global, and per-database

Second

10

The deadlock timeout is the number of seconds the lock manager will wait in case of a lock conflict before purging locks of dead processes and doing an extra deadlock scan cycle. In normal cases, Firebird will detect deadlocks instantly, so this timeout is only to detect exceptional cases.

Setting this setting too low may increase load and reduce performance.

Statement timeout.

Global, and per-database

Second

0 (no timeout)

The statement timeout is the maximum duration of statement execution and cursor use. The engine will automatically cancel the statement after the configured number of seconds. A value of 0 means that no database-level statement timeout is set.

The statement timeout can be configured on three levels:

The timeout is reported when the client sends a request involving the statement handle. The request will complete with error isc_cancelled and a secondary error code indicating which timeout expired:

Connection idle timeout.

Global, and per-database

Minute

0 (no timeout)

The connection idle timeout — or session idle timeout — is the maximum time a connection may be idle (i.e. the engine receives no requests) before it shuts down the connection. A setting of 0 means that no database-level connection idle timeout is set.

By default, the idle timeout is not enabled. No minimum or maximum limit is imposed, but a reasonably large period — such as a few hours — is recommended.

The connection idle timeout can be configured on three levels:

When a connection is shutdown by the expiration of the idle timeout, the next user API call returns the error isc_att_shutdown with secondary error isc_att_shut_idle.

Timeout of ON DISCONNECT triggers.

Global, and per-database

Second

180 (3 minutes)

Firebird will automatically cancel ON DISCONNECT triggers if they run longer than the configured timeout. A value of 0 means that no timeout is set.

Maximum number of pending asynchronous writes.

Global, and per-database

Data page/pending write

100 (Windows)
-1 (other platforms)

This parameter determines how frequently pending asynchronous writes are flushed to disk when Forced Writes are disabled (or, asynchronous writing is enabled). Its value is the number of asynchronous writes that may be pending before a flush is flagged to be done next time a transaction commits. A setting of -1 disables this (i.e. pending writes are not flushed).

This setting only applies when forced-writes are off.

If the MaxUnflushedWriteTime expires before the maximum number of pending pages is reached, the currently pending pages are flushed as well.

MaxUnflushedWriteTime

Maximum time asynchronous writes may be pending.

Global, and per-database

Second

5 (Windows)
-1 (other platforms)

This parameter determines how frequently pending asynchronous writes are flushed to disk when Forced Writes are disabled (or, asynchronous writing is enabled). Its value is the maximum time in seconds an asynchronous write may be pending before a flush is flagged to be done next time a transaction commits. A setting of -1 disables this (i.e. pending writes are not flushed).

This setting only applies when forced-writes are off.

If the MaxUnflushedWrites is reached before this timeout, the currently pending pages are flushed as well.

MaxUnflushedWrites

Enables bugcheck abort.

Global

0 (false) — normal builds
1 (true) — debug builds (with DEV_DEBUG)

When enabled, Firebird calls abort() when internal errors or BUGCHECK macros are encountered. This invokes the post-mortem debugger which can create a core-dump for off-line analysis. When disabled, the engine tries to minimize damage and continue execution.

Setting this option to 1 will produce traceable core-dumps when something nasty like SIGSEGV happens inside a UDF. On Windows, enabling this option will invoke the JIT debugger facility when errors happen.

Configures if Global Temporary Tables (GTT) with ON COMMIT DELETE ROWS are cleared on commit/rollback retaining.

Global, and per-database

0 (false)

This is a compatibility setting to restore behaviour of Global Temporary Tables as it was in Firebird 2.1. In the normal behaviour (ClearGTTAtRetaining = 0), a Global Temporary Table with ON COMMIT DELETE ROWS is cleared at a hard commit or rollback, but is retained and the data is accessible after a commit retain or rollback retain. When enabled (ClearGTTAtRetaining = 1), the table is also cleared on commit retain or rollback retain.

Relaxes relation alias checking rules in SQL.

Global

0 (false)

In Firebird 2.0, stricter parser rules for aliases of relations (e.g. tables, views) were implemented to conform to SQL standard requirements. Enabling this setting relaxes the relation alias checking rules to the Firebird 1.5 and older behaviour.

With the default setting, if a relation is aliased, you are only allowed to reference that relation using its alias. If RelaxedAliasChecking is set to 1 (true), you can also reference the relation using its original name.

For example:

Configures if READ COMMITTED transactions always use READ CONSISTENCY mode.

Global, and per-database

1 (true)

Since Firebird 4.0, READ COMMITTED by default always uses the READ CONSISTENCY mode, even if [NO] RECORD VERSION (isc_tpb_rec_version/isc_tpb_no_rec_version in TPB) is requested. If ReadConsistency is set to 0 (false), the requested mode is used.

When disabled, READ CONSISTENCY mode must be requested explicitly (e.g. SET TRANSACTION READ COMMITTED READ CONSISTENCY or by including isc_tpb_read_consistency in the TPB).

This setting is intended for backwards compatibility, if your application specifically depends on the behaviour of [NO] RECORD VERSION. In general, we recommend to leave it at its default value.

Configures if newer data types are automatically converted to data types available in an older version.

Global, and per-database

No value

The DataTypeCompatibility setting controls if input parameters (e.g. query parameters) and output columns (e.g. columns of a result set) using new data types are automatically converted to “legacy” data types of the specified older version.

Setting to an empty value will return the data type as is. This can be used in databases.conf to override (clear) the configuration from firebird.conf.

Configure this setting as a last resort, as it affects all clients to the server — if set in firebird.conf — or database — in databases.conf — even if a client supports the newer data types. Whenever possible, use the isc_dpb_set_bind connection property or the SET BIND statement instead.

Connection timeout.

Global, client-side, and per-connection

Second

180 (3 minutes)

The ConnectionTimeout is the number of seconds the client (or the server acting as client to another database) waits before concluding the connection attempt failed.

Controls if wire encryption is used or even required.

Global, per-database, client-side, and per-connection

Required (server)
Enabled (client)

By default, encryption is Required for incoming connections and Enabled for outgoing connections (client connections).

To access a server using an older client library which does not support wire encryption, WireCrypt in the server configuration file should be set to Enabled instead of the default Required. It is recommended to not set WireCrypt to Disabled, because then newer clients will also not encrypt their connections.

The rules are:

Enables (zlib) wire compression of connections.

Client-side, and per-connection

false

This setting is ignored if the client library does not have access to the zlib library (zlib1.dll/libz.so.1).

It is not possible to disable wire compression server-side; if the client requests compression, the server will enable compression.

Seconds to wait on a silent client connection before the server sends a dummy packet to request acknowledgment.

Global, per-database, client-side, and per-connection

Second

0 (disabled)

The dummy packet interval is a way to detect broken connections. If a client is idle for more than the configured interval, the server will send a dummy packet to the client. This packet will result in a TCP/IP-level acknowledgement if the connection is still alive. Otherwise, it will result in detection of the broken connection.

Configuring this setting should generally be unnecessary as Firebird configures its sockets with SO_KEEPALIVE which will do a similar check at a lower level. If you do not like the default 2-hour keepalive timeout used by the TCP/IP stack, adjust your server OS settings appropriately.

On UNIX-like OS’s, modify contents of /proc/sys/net/ipv4/tcp_keepalive_* (which also apply to IPv6!).

For Windows, see the KeepAliveTime registry documentation.

Buffer size (in bytes) used by the client connection to accumulate output messages before sending them to the server using the Batch API.

Client-side, and per-connection

Byte

131072 (or 128K)

This configuration item governs size of the client-side buffers for statement parameters and blobs for batch execution. Given blob and parameters are stored in separate buffers, the total space allocated is upto twice the configured size, per batch. Irrespective of the configured buffer size, the client will allocate sufficient space to buffer at least one set of statement parameters.

Default session or client time zone.

Global, client-side, and per-connection

No value (for server: derive from OS time zone)

The value of time-zone-name is a time zone identifier string, as documented in Time Zone Format in the Firebird 5.0 Language Reference.

The TCP service name/port number to be used for database connections.

Global, client-side, and per-connection

gds_db

If service-name is defined in the services definition file (e.g. /etc/services or C:\Windows\System32\drivers\etc\services), it is used to determine the TCP port to use. If service-name is not found, the value or default of RemoteServicePort is used.

The order of precedence is explicitly set values before defaults, and RemoteServiceName — if an entry is found in the services file — before RemoteServicePort. In other words, if RemoteServiceName is not explicitly set, and RemoteServicePort is explicitly set, the value of RemoteServicePort is used.

RemoteServicePort

The TCP service port number to be used for database connections.

Global, client-side, and per-connection

1 - 65535

3050

Configures the TCP port to use.

The order of precedence is explicitly set values before defaults, and RemoteServiceName — if an entry is found in the services file — before RemoteServicePort. In other words, if RemoteServiceName is not explicitly set, and RemoteServicePort is explicitly set, the value of RemoteServicePort is used.

RemoteServiceName

The TCP port number to be used for server event notification messages.

Global, and per-database

0 - 65535

0 (use random port)

When a client listens for events, it establishes a secondary connection to the Firebird server, using a port number the server sends to the client. By default, a random port is used.

This setting can be used to specify a fixed port number, for example one that can be allowed through the firewall.

Buffer size for send and receive buffers of both the client and server for TCP/IP connections.

Global, client-side, and per-connection

Byte

1448 - 32767

8192

The engine reads ahead of the client and can send several rows of data in a single packet. With a larger buffer size, more data can be sent per request (e.g. per fetch).

The server-side configuration only configures the server buffer sizes, and the client-side (and per-connection) configuration only configures the client buffer sizes.

Enables the TCP_NODELAY socket option (which disables “Nagle’s algorithm”).

Global, client-side, and per-connection

1 (enabled)

Disabling “Nagle’s algorithm” (enabling TCP_NODELAY, the default) can improve the responsiveness of network connections, as the socket will not try to coalesce small packets.

Enables the “TCP Loopback Fast Path” feature (SIO_LOOPBACK_FAST_PATH).

Global, client-side, and per-connection

0 (disabled) — since Firebird 3.0.11 and 4.0.3
1 (enabled) — in older versions

The “TCP Loopback Fast Path” can improve performance of localhost connections on Windows systems. For it to work, both the client and the server need to enable the SIO_LOOPBACK_FAST_PATH option on the socket before connecting.

As this option is now deprecated, and Microsoft advises not to use it, exercise caution with this option, and leave or set it disabled.

When enabled, sets the IPV6_V6ONLY socket option on the listener socket.

Global

0 (disabled)

By default, the Firebird server listens on the zero IPv6 address (::) and accepts all incoming connections, whether IPv4 or IPv6, and IPv6V6Only is set to false (0). If it is set to true (1), the server, still listening implicitly or explicitly on the zero IPv6 address, will accept only IPv6 connections.

A different listening address, either IPv4 or IPv6, can be set using the RemoteBindAddress parameter. If an IPv4 address or a non-zero IPv6 address is used, the IPv6V6Only setting has no effect.

When enabled, this will also reject IPv4-mapped IPv6 addresses as a value of RemoteBindAddress.

RemoteBindAddress

Network interface of the TCP/IP listener.

Global

Empty (bind to ::)

The setting accepts an IPv4, IPv6 address, or a hostname; the value may optionally be enclosed in square brackets.

By default — when not specified, or explicitly empty — Firebird listens on :: (the zero IPv6 address). The exact behaviour of the zero IPv6 address depends on IPv6V6Only:

It is not possible to specify multiple bind addresses.

If IPv6V6Only is enabled, IPv4-mapped IPv6 addresses are rejected.

When using a hostname, that hostname is used to resolve an IP address, preferring IPv6 over IPv4; the resolved address is then used to bind the server. So, make sure the hostname resolves to one IP address only (i.e. not be multihomed or otherwise multiplexed, nor be both IPv4 and IPv6). Otherwise, the server may bind to a different IP address on each restart (e.g. if the DNS resolution does a round-robin), and clients may have connection failures when they resolve a different IP address than the one the server was bound to.

IPv6V6Only

Allocation size of the shared memory of the lock manager table.

Global, and per-database

Byte

64K (64 KiB)

The lock manager table is allocated per database.

The value of LockMemSize is the initial size and the allocation unit. The shared memory will grow dynamically as needed in increments of this allocation unit, up to 2 GiB - 1, or when the system runs out of memory.

The number of times that the lock manager will try acquiring a lock in a loop before waiting.

Global, and per-database

0

The lock table of a database can only be accessed by one server process or thread at a time, and this is governed by a mutex. This mutex can be requested conditionally or unconditionally. A conditional request either succeeds immediately or fails and must be retried. An unconditional request will make the process or thread wait (block) until the request succeeds.

This setting is only relevant for SuperClassic and Classic.

It is hard to give specific advice for configuring LockAcquireSpins. On multicore machines — when using Classic and SuperClassic — it can be advantageous to spin on the lock a few times before waiting unconditionally, on the other hand if the lock table is heavily contested, this is likely to “burn” CPU cycles. As such, the advice is to experiment with it, and tune it per database in databases.conf.

Number of hash slots for locks.

Global, and per-database

101 - 65521

8191

Use of prime numbers is highly recommended. Setting out of range values will use the boundary values.

The number of hash slots determines how locks are distributed in the lock hash table. If two or more locks are assigned to the same hash slot, they are chained together, and the server must “walk” this chain to find the right lock in the slot.

If the average length of lock chains is very long (e.g. 20 locks on average), performance of the server may be affected. In that case, you can increase the number of LockHashSlots to a higher prime number. You can use fb_lock_print to determine the average lock chain length (called “Hash lengths” in the lock print output).

Allocation size of the shared memory for the event manager.

Global, and per-database

Byte

64K (64 KiB)

The memory for the event manager is allocated per database.

The value of EventMemSize is the initial size and the allocation unit. The shared memory will grow dynamically as needed in increments of this allocation unit, until the system runs out of memory.

Allocation size of shared memory for snapshot management.

Global, and per-database

Byte

64K (64 KiB)

The memory for snapshots is allocated per database. Each active snapshot uses 16 bytes of memory.

The value of SnapshotsMemSize is the initial size and the allocation unit. The memory will grow dynamically as needed in increments of this allocation unit, until the system runs out of memory.

Snapshots are used to provide a stable view on data within a transaction or during statement execution. See also Commit Order for Capturing the Database Snapshot in the Firebird 4.0 Release Notes.

Block size of shared memory allocated for TIP cache.

Global, and per-database

Byte

4M (4 MiB)

The TIP cache is a list of all known transactions with associated Commit Numbers (CN), which are used to determine record visibility of active transactions.

The memory for the TIP cache is allocated per database. Each transaction uses 8 bytes of memory. The default size of a TIP cache block is 4 MiB, providing capacity for 512 * 1024 transactions.

A reason to reduce this value is if you have a small TIP cache (or, a small difference between OIT and Next Transaction) and want to conserve memory. A reason to increase this value is if you need a very large TIP cache (or, a very large difference between OIT and Next Transaction) and approach limits on kernel objects allocated for each block (files, mutexes, etc).

The TIP cache is implemented as an array indexed by transaction ID, with as value the corresponding Commit Number. This array is split into blocks of TipCacheBlockSize bytes containing the CN’s for all transactions between the OIT and Next Transaction markers. When Next Transaction moves beyond the range of the highest block, a new block is allocated. The oldest block is released when the OIT moves beyond the range of that block.

File to redirect stdout and stderr output of server.

Global

/dev/null (Linux and other Unix-like OSes)
nul (Windows)

By default, stdout and stderr are redirected to the “null-device” to suppress any output.

When set to empty or -, the stderr and stdout are not redirected. When set to a file, it is redirected to that file.

This can be helpful when debugging plugins, UDRs, or UDFs that write to stdout or stderr.

Which CPUs should be used (Windows Only)

Global

0 (all CPUs)

Sets which processors can be used by the server. The value is taken from a bitmap in which each bit represents a CPU. Thus, to use only the first processor (CPU 0), the value is 1. To use both CPU 0 and CPU 1, the value is 3 (binary 11). To use CPU 1 and CPU 2, the value is 6 (binary 110). The default value is 0 - no affinity will be set.

In Firebird 5 and later, on Windows 10 and later, if affinity is not set by CpuAffinityMask, nor by the caller process, then the server tries to exclude efficiency cores from its own affinity mask, i.e. default affinity mask includes performance cores only.

On 32-bit Windows, this can configure at most 32 CPUs; on 64-bit Windows, at most 64 CPUs. On systems with more than 64 processors, it can only configure the processors in the processor group assigned to the Firebird process.

For technical information, see the Microsoft documentation of SetProcessAffinityMask.

Garbage collection policy.

Global, and per-database

combined (SuperServer)
cooperative (Classic/SuperClassic)

The garbage collection policy configures how Firebird SuperServer performs garbage collection. For Classic and SuperClassic, this setting is ignored; they always use the cooperative policy.

Maximum amount of memory per connection for the statement cache.

Global, and per-database

Byte

2M (2 MiB)

The statement cache is a per-connection cache of previously compiled SQL statements. Setting the value to 0 disables the cache.

The cache is maintained automatically; cached statements are invalidated when required, e.g. when a DDL statement is executed, or when the cache size exceeds MaxStatementCacheSize.

Location of the security database.

Global, and per-database

$(dir_secDb)/securityN.fdb (with N the major version of Firebird)

The security database is used for authentication and certain global configuration and user privileges (e.g. global authentication mapping, and CREATE DATABASE privileges). When using embedded mode, no authentication is performed.

The SecurityDatabase can be configured per database in databases.conf. Such a security database can be created as a normal database. Initialization as a security database happens per authentication plugin, the first time that authentication plugin is used to create a user. This initialization must be done with an embedded connection otherwise you cannot connect, or authenticated with a SYSDBA or RDB$ADMIN user of an already initialized authentication plugin.

It is possible to configure a database as its own security database, but only after the database has been created.

Maximum number of parallel workers per database per process.

Global

1 - 64

1 (no parallelism)

Values higher than 1 configure the total number of parallel workers that can be created within a single Firebird process for each attached database. Workers are accounted for each attached database independently.

Parallel workers are used to parallelize certain database operations. In Firebird 5.0, that includes index creation and rebuilding, and sweep.

In SuperServer, worker attachments are implemented as light-weight system attachments, while in Classic and SuperClassic they look like normal user attachments. All worker attachments are embedded into the creating server process, so in Classic there are no additional server processes. Worker attachments are present in monitoring tables. Idle worker attachments are destroyed after 60 seconds of inactivity. In Classic, worker attachments are destroyed immediately when the user connection detaches from the database.

Setting out of range values will use the boundary values.

ParallelWorkers

Default number of parallel workers for a connection.

Global

1 - MaxParallelWorkers

1 (no parallelism)

This configures the default number of parallel workers that can be created by a single connection. This default can be overridden with the isc_dpb_parallel_workers connection property (up to the maximum MaxParallelWorkers).

For accounting purposes, the user connection itself is counted as a worker, which is why value 1 means no parallelism, and a value of 2 means 1 additional worker connection next to the user connection.

Parallel workers are allocated on a first come, first served basis, so — in SuperServer and SuperClassic — when multiple connections to a database ask for parallel workers, at most MaxParallelWorkers workers can be created. For example, if ParallelWorkers is 3 and MaxParallelWorkers is 4, and three connections ask for parallel workers, only 4 are allocated, e.g. two workers for the first, two for the second, and none for the third connection.

A connection only asks for parallel workers when performing a parallel operation. Once the operation is complete, the worker is released.

Parallel workers are used to parallelize certain database operations. In Firebird 5.0, that includes index creation and rebuilding, and sweep.

Setting out of range values will use the boundary values.

MaxParallelWorkers

Configures behaviour of the Firebird Guardian service (Windows only).

Global

1 (always restart)

This setting only has effect when the Firebird Guardian service is installed and running.

Priority level/class for the server process (Windows only).

Global

0 (normal priority)

Configures the process priority on Windows, which is used by the CPU scheduler to decide how and when to schedule threads of the Firebird process(es).

Setting a negative value may reduce responsiveness of the Firebird server if the system is otherwise busy, and setting a positive value may result in Firebird starving other process of CPU cycles. In general, do not set this to anything other than 0, and if you do set it, carefully test if your system responds correctly.

For technical information, see the Microsoft documentation of SetPriorityClass.

Name of the shared memory area used as the transport channel for the XNET (a.k.a. local) protocol (Windows only).

Global, client-side, and per-connection

FIREBIRD

Server-side, the configuration is used to create the shared memory to accept XNET connections, and for creating XNET connections to other servers. Client-side, the configuration is used to open the shared memory to make XNET connections to the server.

The user running the server process should have the SE_CREATE_GLOBAL_NAME privilege (or SeCreateGlobalPrivilege), so the shared memory area can be registered in the Global\ namespace. If the user does not have this privilege, it will be registered in the local namespace, and only processes running in the same session will be able to connect using XNET.

If you’re running Firebird as a service, and the user does not have SeCreateGlobalPrivilege, processes on the same machine will not be able to connect with XNET, as the service runs in its own session.

You can configure this value if you have multiple Firebird servers running on the same machine which all need to be able to accept XNET connections. In that case, clients will need to be configured with that IpcName as well, either in their firebird.conf, or through isc_dpb_config.

Name of the pipe used as a transport channel in the WNET (a.k.a. NetBEUI) protocol (Windows only).

Global, client-side, and per-connection

interbas

Server-side, the configuration is used to create the pipe to accept WNET connections, and for creating WNET connections to other servers. Client-side, the configuration is used to open the pipe to make WNET connections to the server.

You can configure this value if you have multiple Firebird servers running on the same machine which all need to be able to accept WNET connections. In that case, clients will need to be configured with that RemotePipeName as well, either in their firebird.conf, or through isc_dpb_config.

Configures how Firebird creates named Windows kernel objects, such as events, memory mapped files, etc. (Windows only).

Global

false

Since version 4.0.3, Firebird creates named kernel objects in a private namespace. This allows processes to interact within different Windows sessions, such as a user session and a service session. Also, it uses the engine version in some shared event names; this allows a single process to host Firebird engines of different versions.

This setting is for backward compatibility between Firebird 4.0 releases only, and is not present in Firebird 5.0 and higher. Enabling it allows simultaneous running of processes of newer (>= 4.0.3) and older (< 4.0.3) subreleases of Firebird 4.0.

Allow multi-hop connections to other Firebird servers.

Global

0 (false)

A multi-hop connection allows you to redirect a connection to a database through intermediate servers.

With this setup, a connection string specifies a list of servers to connect through, where the last server is the server that actually hosts the database.

For example, with the connection string host1:host2:database, the client will connect to host1 with the database host2:database. If host1 has redirection enabled, it will — without authentication on host1 — forward the connection to host2 to open database database — where the connection will be authenticated. Packets will be routed through host1 between host2 and the client.

In effect, host1 serves as a pass-through proxy to host2.

Configures database access, process, and caching behaviour of the Firebird engine.

Global

Super

The ServerMode affects how Firebird opens databases, and the memory use per attachment. There is no single “best” choice.

Maximum number of inactive (idle) connections in the external connections pool.

Global

0 - 1000

0 (disabled)

The external connections pool is a connection pool for the external data source (EDS) subsystem. For details, consult Pooling of External Connections in the Firebird 3.0 Release Notes.

As the connection pool is per process, for Classic this means it is effectively per connection.

The number of seconds a connection can be idle in the external connections pool before it is closed.

Global

Second

1 - 86400 (1 second to 24 hours)

7200 (2 hours)

When an external connection is returned to the idle list of the pool, a timer is started. At or after this timer reaches ExtConnPoolLifeTime, the connection will be closed and removed from the pool.

The timer is stopped and cleared when the connection is returned to the active list of the pool.

The external connections pool is a connection pool for the external data source (EDS) subsystem. For details, consult Pooling of External Connections in the Firebird 3.0 Release Notes.

Plugin used to perform replication.

Synchronous, asynchronous

empty (use built-in replication)

Leaving/setting this empty will use the built-in (default) replication.

Pattern for tables to include in replication.

Synchronous, asynchronous

empty (all tables of publication set)

By default, all tables in the publication set of the database are replicated. The include_filter can be used to reduce this to a subset (only those matching the include_filter — and not matching the exclude_filter).

The publication set of the database can be configured with ALTER DATABASE, CREATE TABLE and ALTER TABLE. This is not covered by this reference. For further details, see Setting Up Replication in the Firebird 4.0 Release Notes.

The include_filter uses the SQL regular expression syntax, described in Syntax: SQL Regular Expressions in the Firebird 5.0 Language Reference.

exclude_filter

Pattern for tables to exclude in replication.

Synchronous, asynchronous

empty (exclude nothing)

By default, all tables in the publication set of the database are replicated. The exclude_filter can be used to reduce this to a subset (exclude those matching the exclude_filter — possibly already limited to those matching the include_filter).

The publication set of the database can be configured with ALTER DATABASE, CREATE TABLE and ALTER TABLE. This is not covered by this reference. For further details, see Setting Up Replication in the Firebird 4.0 Release Notes.

The exclude_filter uses the SQL regular expression syntax, described in Syntax: SQL Regular Expressions in the Firebird 5.0 Language Reference.

include_filter

Configures if all errors and warnings are logged to replication.log.

Synchronous, asynchronous

true

This setting only affects error logging on the primary side. For error logging on the replica side, see verbose_logging.

verbose_logging

Configures if replication errors are reported to the client application.

Synchronous, asynchronous

false

Configures if a replication error disables replication.

Synchronous, asynchronous

true

The following configuration items are specific to configure the primary side of the built-in (default) replication. If you use a third-party replication plugin, consult the documentation of your replication plugin for its configuration items.

Size of in-memory buffer to accumulate changes that can be deferred until transaction commit/rollback.

Synchronous, asynchronous

Byte

1048576 (1 MiB)

The bigger this value, the less concurrent disk access (related to journal IOPS) happens.

For synchronous replication, it also affects number of network round-trips between primary and replica hosts. However, a larger buffer results in a longer replication “checkpoint” (delay to synchronize the original database with its replica at commit).

Directory to store replication journal files.

Asynchronous

The journal directory is a working directory where the Firebird server stores its journal files for the primary for asynchronous replication.

This setting should not be specified when only using synchronous replication.

The journal directory is for use by the primary only; this directory and its contents should not be referenced, accessed or modified by the replica (or anything else).

When asynchronous replication is used, journal files (or, replication segments) are moved to the journal archive directory or using a custom archiving command when they are ready to be replicated to (consumed by) the replica.

journal_archive_directory, journal_archive_command, journal_source_directory

Prefix for replication journal file names.

Asynchronous

empty (use database filename)

The journal filename is generated by concatenating the prefix with a sequential number.

If not specified, the database filename (without path) is used as a prefix.

Maximum allowed size for a single replication segment.

Asynchronous

Byte

16777216 (16 MiB)

journal_archive_timeout

Maximum allowed number of full replication segments pending archiving.

Asynchronous

Replication segments

8

Once this limit is reached, the replication process is temporarily delayed to allow the archiving to catch up. If any of the full segments are not archived within one minute, replication fails with an error.

Zero (0) means an unlimited number of segments pending archiving.

Delay, in milliseconds, to wait before the changes are synchronously flushed to the journal (usually at commit time).

Asynchronous

Millisecond

0 (no delay)

This setting allows multiple concurrently committing transactions to amortise I/O costs by sharing a single flush operation.

Zero (0) means no delay, i.e. “group flushing” is disabled.

Directory to store archived replication segments.

Asynchronous

The journal archive directory is used to store replication segments (journal files) that are ready to be consumed by a replica using asynchronous replication.

Firebird will automatically move replication segments to this directory, unless journal_archive_command is defined.

If you have a single replica, the journal archive directory can be used directly by the replica (in journal_source_directory). This can — for example — be done by mounting or otherwise sharing the directory between both hosts.

If you have multiple replicas, each replica must have its own copy of the journal archive. Replicas will delete journal files they no longer need, which can conflict with the needs of another replica. Make sure that each journal file created by Firebird in this directory is copied to a location unique to a replica, or use the journal_archive_command instead.

The value of this configuration item also defines the $(archpathname) macro used in journal_archive_command.

This configuration item can be omitted when journal_archive_command is specified without the $(archpathname) macro.

journal_archive_command, journal_source_directory

Program (complete commandline with arguments) that is executed when a replication segment is full and needs archiving.

Asynchronous

This program must return exit-code zero only if archiving has been performed successfully. In particular, it must return a non-zero exit-code if the target archive already exists.

Special predefined macros are available:

If journal_archive_command is used without the $(archivepathname) macro, the configuration item journal_archive_directory can be omitted.

journal_directory, journal_archive_directory

Timeout, in seconds, to wait until an incomplete (not full) segment is scheduled for archiving.

Asynchronous

Second

60 (1 minute)

This configuration item can be used to minimize the replication gap if the database is modified rarely.

Zero (0) means no intermediate archiving, i.e. segments are archived only after reaching their maximum size (defined by journal_segment_size).

journal_segment_size

Connection information to the replica database (for synchronous replication).

Synchronous

Multiple entries are allowed (for different synchronous replicas).

The value of sync_replica is either:

To specify a username or password containing : or @, you must use a scoped value.

At most one username* and one password* key may be specified.

If username_file or password_file have a relative path, the path is resolved against the Firebird root directory.

The following settings only affect the replica side (a.k.a. secondary or slave) of replication.

Configures if changes applied to the replica will be subject to further replication (if any configured).

Synchronous, asynchronous

false

This setting only has an effect if the replica is also configured as a primary.

If disabled (the default), changes applied from incoming replication are not replicated. Only changes directly applied to the (read-write) replica (i.e. changes to the database by means other than replication) will be replicated to the “next” replica(s).

If enabled, the changes applied from incoming replication and changes directly applied to the replica will be replicated to the “next” replica(s).

Directory to search for the journal files to be applied to the replica.

Asynchronous

The replica searches the journal source directory for files to apply.

If there is only a single replica, the directory specified in this configuration item can be the same directory as specified in journal_archive_directory of the primary. This can — for example — be done by mounting or otherwise sharing the directory between both hosts.

If you have multiple replicas, each replica must have its own copy of the journal archive, and use its own directory. Replicas will delete journal files they no longer need, which can conflict with the needs of another replica.

journal_archive_directory, journal_archive_command

Filter to limit replication to a particular source database (based on its GUID).

Asynchronous

By default, asynchronous replication will (try to) apply all journal files — from any primary — that shows up in the journal_source_directory.

This setting can be used to only apply journal files from a specific primary, using its database GUID (e.g. as shown on the header page of gstat -h).

journal_source_directory

Configures if replication.log contains a detailed log of operations performed by replication.

Asynchronous

false

If disabled (the default), only errors and warnings are logged.

This setting only affects logging on the replica side. For error logging on the primary side, see log_errors.

log_errors

Timeout (in seconds) to wait before scanning for new replication segments.

Asynchronous

Second

10 (10 seconds)

When all existing journal files have been applied, replication waits for the specified duration before checking if new files have arrived in journal_source_directory.

journal_source_directory

Timeout (in seconds) to wait before retrying queued replication segments after an error.

Asynchronous

Second

60 (1 minute)

After an error when applying a replication segment, replication is paused for the specified duration before retrying.

The server disconnects from the replica database, sleeps for the specified timeout, then reconnects and tries to reapply the latest segments from the point of failure.

A trace configuration has the following order of evaluation rules to match a database or service

In other words, there can only be one (default) services section, and one default database section. At most one other database section (with value) is used for a database, the first one to match.

Enables tracing.

database, services

false

Path of trace log file (system trace only).

database, services

path is the absolute or relative path of the log file. This configuration item is only available for system trace configuration.

A backslash must be escaped as \\, or — on Windows — you can also use / as the path separator.

For database sections, regular expression references (sed-like) for substitutions based on the matched pattern (simple value of the section) are supported. \0 — whole matched string, \1 …​ \9 — regular expression groups (parenthesized subexpressions).

max_log_size

Maximum size of log files (in megabytes).

database, services

Megabyte (MiB)

0 (unlimited)

When the maximum log file size is reached, the log is rotated by renaming it to include the current date and time. A new log file with the name configured by log_filename is created.

A value of 0 (zero, the default) means that the file size is unlimited, and no rotation will occur.

This configuration item is only available for system trace configuration. For limiting user trace sizes, specify MaxUserTraceLogSize in firebird.conf.

log_filename, MaxUserTraceLogSize

Pattern for inclusion of trace events in a trace.

database, services

What is matched depends on the trace type:

Other event types are not subject to inclusion or exclusion.

exclude_filter

Pattern for exclusion of trace events in a trace.

database, services

What is matched depends on the trace type:

Other event types are not subject to inclusion or exclusion.

include_filter

Enables logging of database attach and detach events.

database

false

log_services

Limits the trace to a specific connection.

database

0 (all connections)

The value 0 (zero, the default) traces all connections. A non-zero value traces the connection with that specific connection id.

The connection id is the value reported by — for example — CURRENT_CONNECTION, and in column MON$ATTACHMENT_ID of MON$ATTACHMENTS.

It’s not possible to specify multiple connection ids.

Log start and end of transactions.

database

false

Log statement prepare.

database

false

print_plan, max_sql_length

Log statement free (close cursor, unprepare statement, drop statement handle).

database

false

Log statement execution start.

database

false

Log statement execution finish.

database

false

For statements with a cursor (e.g. SELECT), a statement is only finished when the last record has been fetched or the cursor is closed.

time_threshold

Log procedure compilation.

database

false

Log procedure execution start.

database

false

Log procedure execution finish.

database

false

time_threshold

Log function compilation.

database

false

Log function execution start.

database

false

Log function execution finish.

database

false

time_threshold

Log trigger compilation.

database

false

Log trigger execution start.

database

false

Log trigger execution finish.

database

false

time_threshold

Log context variable change (through RDB$SET_CONTEXT).

database

false

Log errors.

database, services

false

log_warnings, include_gds_codes, exclude_gds_codes

Log warnings.

database, services

false

log_errors, include_gds_codes, exclude_gds_codes

List of GDS codes of errors and warnings to include in trace.

database, services

Empty (include all errors and warnings)

If include_gds_codes is not set or set to empty, all errors and warnings — not excluded by exclude_gds_codes — are logged.

If include_gds_codes is non-empty, only errors or warnings that contain one of the specified GDS codes in their status vector will be logged.

log_errors, log_warnings, exclude_gds_codes, SQLCODE and GDSCODE Error Codes and Descriptions

List of GDS codes of errors and warnings to exclude from trace.

database, services

Empty (do not exclude any error or warning)

If exclude_gds_codes is not set or set to empty, no errors or warnings are excluded — though include_gds_codes can apply its own restrictions.

If exclude_gds_codes is non-empty, any error or warning that contains one of the specified GDS codes in their status vector will not be logged.

log_errors, log_warnings, include_gds_codes, SQLCODE and GDSCODE Error Codes and Descriptions

Log trace session init (start) and finish.

database, services

false

Log sweep activity.

database

false

Print access path (plan) with SQL statement.

database

false

The type of plan — legacy or explained — can be controlled with explain_plan.

log_statement_prepare, explain_plan

Print legacy plan (false) or explained plan (true).

database

false (legacy plan)

This setting only has effect when print_plan is enabled.

print_plan

Print detailed performance info when applicable.

database

false

Log BLR (Binary Language Representation) compilation and execution.

database

false

print_blr

Print BLR (Binary Language Representation) requests.

database

false

log_blr_requests, max_blr_length

Log dyn compilation and execution.

database

false

print_dyn

Print dyn requests.

database

false

log_dyn_requests, max_dyn_length

Only logs XXX_finish events if their timing exceeds the threshold.

database

Millisecond

100 (100 milliseconds)

log_statement_finish, log_procedure_finish, log_function_finish, log_trigger_finish

Maximum length of SQL strings in a log record.

database

Byte

300

Beware when adjusting max_XXX parameters! The maximum length of a log record for one event should not exceed 64KiB.

log_statement_prepare

Maximum length of BLR (Binary Language Representation) in a log record.

database

Byte

500

Beware when adjusting max_XXX parameters! The maximum length of a log record for one event should not exceed 64KiB.

print_blr

Maximum length of dyn in a log record.

database

Byte

500

Beware when adjusting max_XXX parameters! The maximum length of a log record for one event should not exceed 64KiB.

print_dyn

Maximum length of an individual string argument in a log record.

database

Byte

80

Beware when adjusting max_XXX parameters! The maximum length of a log record for one event should not exceed 64KiB.

log_statement_start, max_arg_count

Maximum number of query arguments in a log record.

database

Argument (parameter)

30

Beware when adjusting max_XXX parameters! The maximum length of a log record for one event should not exceed 64KiB.

log_statement_start, max_arg_length

Enables logging of service attach, detach, and start events.

services

false

log_connections

Enables logging of service query events.

services

false

Default text editor for isql.

Client

On Linux and other non-Windows OSes, EDITOR is only used if VISUAL is not set.

This is not a Firebird-specific environment variable, but a common convention for applications.

VISUAL

Default value of the “expected database” for Services Manager connections for use of a non-default security database.

Client

The value of this environment variable is a database alias or path. It is used — client-side — to set the value of SPB item isc_spb_expected_db if it was not explicitly set.

When establishing a Services Manager connection, the server looks up the databases.conf entry of the “expected database”, and uses its value of SecurityDatabase as the security database. If there is no databases.conf entry, or the entry has no value for SecurityDatabase, the value from firebird.conf is used.

Overrides the Firebird root directory.

Client, Server/Embedded

The Firebird root directory determines where the server or client reads other configuration (e.g. firebird.conf) from. It also serves as the default location for firebird.msg^[9], if not overridden by FIREBIRD_MSG or ISC_MSGS

In general, this should only be set or changed to configure clients and embedded instances, not servers. An incorrect root directory for the server may result in the server using incorrect configuration, or not being able to load required plugins and other components.